From 18ef4e0e3447ab8231cabc15eee9d0ee1ef56742 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 4 Jun 2024 13:01:33 +0200 Subject: [PATCH 01/74] modules --- libcrux-ml-kem/src/ind_cca.rs | 248 ++++++++++++++++++++++--------- libcrux-ml-kem/src/mlkem768.rs | 110 ++++++++++++++ libcrux-ml-kem/tests/nistkats.rs | 8 + 3 files changed, 299 insertions(+), 67 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 004030438..4d733ba59 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -3,11 +3,11 @@ use crate::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, - hash_functions::{self, Hash}, + hash_functions::Hash, ind_cpa::{into_padded_array, serialize_public_key}, serialize::deserialize_ring_elements_reduced, types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, - vector::{Operations, PortableVector}, + vector::Operations, }; /// Seed size for key generation @@ -24,6 +24,151 @@ pub const ENCAPS_SEED_SIZE: usize = SHARED_SECRET_SIZE; /// A byte array of size [`SHARED_SECRET_SIZE`]. pub type MlKemSharedSecret = [u8; SHARED_SECRET_SIZE]; +macro_rules! instantiate { + ($modp:ident, $vector:path, $hash:path) => { + pub mod $modp { + use crate::{ + MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, + KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + }; + + /// Portable generate key pair. + pub(crate) fn generate_keypair_generic< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPair { + super::generate_keypair_generic::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + >(randomness) + } + + /// Portable public key validation + pub(crate) fn validate_public_key_generic< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + public_key: &[u8; PUBLIC_KEY_SIZE], + ) -> bool { + super::validate_public_key_generic::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + $vector, + >(public_key) + } + + /// Portable encapsualte + pub(crate) fn encapsulate_generic< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + >( + public_key: &MlKemPublicKey, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + super::encapsulate_generic::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + $vector, + $hash, + >(public_key, randomness) + } + + /// Portable decapsulate + pub fn decapsulate_generic< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + super::decapsulate_generic::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + $vector, + $hash, + >(private_key, ciphertext) + } + } + }; +} + +// Portable generic implementations. +instantiate! {portable, crate::vector::PortableVector, crate::hash_functions::portable::PortableHash} + +// AVX2 generic implementation. +#[cfg(feature = "simd256")] +instantiate! {avx2, crate::vector::SIMD256Vector, crate::hash_functions::avx2::Simd256Hash} + +// NEON generic implementation. +#[cfg(feature = "simd128")] +instantiate! {neon, crate::vector::SIMD128Vector, crate::hash_functions::neon::Simd128Hash} + /// Serialize the secret key. #[inline(always)] fn serialize_kem_secret_key>( @@ -56,19 +201,15 @@ pub(crate) fn validate_public_key< && libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return validate_public_key_generic::< + return avx2::validate_public_key_generic::< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - crate::vector::SIMD256Vector, >(public_key); #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - PortableVector, - >(public_key) + portable::validate_public_key_generic::( + public_key, + ) } else if cfg!(feature = "simd128") && cfg!(target_arch = "aarch64") && libcrux_platform::simd128_support() @@ -81,19 +222,13 @@ pub(crate) fn validate_public_key< crate::vector::SIMD128Vector, >(public_key); #[cfg(not(feature = "simd128"))] - validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - PortableVector, - >(public_key) + portable::validate_public_key_generic::( + public_key, + ) } else { - validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - PortableVector, - >(public_key) + portable::validate_public_key_generic::( + public_key, + ) } } @@ -128,16 +263,13 @@ pub(crate) fn generate_keypair< >( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPair { - let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; - let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - // Runtime feature detection. if cfg!(feature = "simd256") && cfg!(target_arch = "x86_64") && libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return generate_keypair_generic::< + return avx2::generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -145,11 +277,9 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - crate::vector::SIMD256Vector, - hash_functions::avx2::Simd256Hash, - >(ind_cpa_keypair_randomness, implicit_rejection_value); + >(randomness); #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - generate_keypair_generic::< + portable::generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -157,9 +287,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, - >(ind_cpa_keypair_randomness, implicit_rejection_value) + >(randomness) } else if cfg!(feature = "simd128") && cfg!(target_arch = "aarch64") && libcrux_platform::simd128_support() @@ -177,7 +305,7 @@ pub(crate) fn generate_keypair< hash_functions::neon::Simd128Hash, >(ind_cpa_keypair_randomness, implicit_rejection_value); #[cfg(not(feature = "simd128"))] - generate_keypair_generic::< + portable::generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -185,11 +313,9 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, - >(ind_cpa_keypair_randomness, implicit_rejection_value) + >(randomness) } else { - generate_keypair_generic::< + portable::generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -197,12 +323,14 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, - >(ind_cpa_keypair_randomness, implicit_rejection_value) + >(randomness) } } +/// Generate a key pair. +/// +/// Depending on the `Vector` and `Hasher` used, this requires different hardware +/// features fn generate_keypair_generic< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -214,9 +342,11 @@ fn generate_keypair_generic< Vector: Operations, Hasher: Hash, >( - ind_cpa_keypair_randomness: &[u8], - implicit_rejection_value: &[u8], + randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPair { + let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; + let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; + let (ind_cpa_private_key, public_key) = crate::ind_cpa::generate_keypair::< K, CPA_PRIVATE_KEY_SIZE, @@ -262,7 +392,7 @@ pub(crate) fn encapsulate< && libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return encapsulate_generic::< + return avx2::encapsulate_generic::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -276,11 +406,9 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - crate::vector::SIMD256Vector, - hash_functions::avx2::Simd256Hash, >(public_key, randomness); #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - encapsulate_generic::< + portable::encapsulate_generic::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -294,15 +422,13 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(public_key, randomness) } else if cfg!(feature = "simd128") && cfg!(target_arch = "aarch64") && libcrux_platform::simd128_support() { #[cfg(not(feature = "simd128"))] - return encapsulate_generic::< + return portable::encapsulate_generic::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -316,8 +442,6 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(public_key, randomness); #[cfg(all(feature = "simd128", target_arch = "aarch64"))] encapsulate_generic::< @@ -338,7 +462,7 @@ pub(crate) fn encapsulate< hash_functions::neon::Simd128Hash, >(public_key, randomness) } else { - encapsulate_generic::< + portable::encapsulate_generic::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -352,8 +476,6 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(public_key, randomness) } } @@ -431,7 +553,7 @@ pub(crate) fn decapsulate< && libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return decapsulate_generic::< + return avx2::decapsulate_generic::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -448,11 +570,9 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - crate::vector::SIMD256Vector, - hash_functions::avx2::Simd256Hash, >(private_key, ciphertext); #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - return decapsulate_generic::< + return portable::decapsulate_generic::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -469,8 +589,6 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(private_key, ciphertext); } else if cfg!(feature = "simd128") && cfg!(target_arch = "aarch64") @@ -498,7 +616,7 @@ pub(crate) fn decapsulate< hash_functions::neon::Simd128Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd128"))] - return decapsulate_generic::< + return portable::decapsulate_generic::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -515,11 +633,9 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(private_key, ciphertext); } else { - decapsulate_generic::< + portable::decapsulate_generic::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -536,8 +652,6 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - PortableVector, - hash_functions::portable::PortableHash, >(private_key, ciphertext) } } diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 79db9a660..132f33680 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -44,6 +44,109 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// Am ML-KEM 768 Key pair pub type MlKem768KeyPair = MlKemKeyPair; +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path) => { + pub mod $modp { + use super::*; + use $p as p; + + /// Validate a public key. + /// + /// Returns `Some(public_key)` if valid, and `None` otherwise. + pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { + if p::validate_public_key_generic::< + RANK_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + >(&public_key.value) + { + Some(public_key) + } else { + None + } + } + + /// Generate ML-KEM 768 Key Pair + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem768KeyPair { + p::generate_keypair_generic::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + /// Encapsulate ML-KEM 768 + /// + /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + /// bytes of `randomness`. + pub fn encapsulate( + public_key: &MlKem768PublicKey, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem768Ciphertext, MlKemSharedSecret) { + p::encapsulate_generic::< + RANK_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 768 + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem768PrivateKey, + ciphertext: &MlKem768Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate_generic::< + RANK_768, + SECRET_KEY_SIZE_768, + CPA_PKE_SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } + }; +} + +// Instantiations + +instantiate! {portable, ind_cca::portable} +#[cfg(feature = "simd256")] +instantiate! {avx2, ind_cca::avx2} +#[cfg(feature = "simd128")] +instantiate! {neon, ind_cca::neon} + /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. @@ -65,6 +168,13 @@ pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option MlKem768KeyPair { generate_keypair::< diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 980501bb7..cf3a1c848 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -84,3 +84,11 @@ impl_nist_known_answer_tests!( mlkem1024::encapsulate, mlkem1024::decapsulate ); + +impl_nist_known_answer_tests!( + kyber768_nist_kats_portable, + 768, + mlkem768::portable::generate_key_pair, + mlkem768::portable::encapsulate, + mlkem768::portable::decapsulate +); From d9fe4a335188b3d483afb9c160f249860693255b Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 4 Jun 2024 20:02:57 +0200 Subject: [PATCH 02/74] neon in ind_cca --- libcrux-ml-kem/src/ind_cca.rs | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 4d733ba59..ecb22e165 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -215,11 +215,10 @@ pub(crate) fn validate_public_key< && libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return validate_public_key_generic::< + return neon::validate_public_key_generic::< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, - crate::vector::SIMD128Vector, >(public_key); #[cfg(not(feature = "simd128"))] portable::validate_public_key_generic::( @@ -293,7 +292,7 @@ pub(crate) fn generate_keypair< && libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return generate_keypair_generic::< + return neon::generate_keypair_generic::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -301,9 +300,7 @@ pub(crate) fn generate_keypair< BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, - crate::vector::SIMD128Vector, - hash_functions::neon::Simd128Hash, - >(ind_cpa_keypair_randomness, implicit_rejection_value); + >(randomness); #[cfg(not(feature = "simd128"))] portable::generate_keypair_generic::< K, @@ -444,7 +441,7 @@ pub(crate) fn encapsulate< ETA2_RANDOMNESS_SIZE, >(public_key, randomness); #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - encapsulate_generic::< + neon::encapsulate_generic::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -458,8 +455,6 @@ pub(crate) fn encapsulate< ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - crate::vector::SIMD128Vector, - hash_functions::neon::Simd128Hash, >(public_key, randomness) } else { portable::encapsulate_generic::< @@ -595,7 +590,7 @@ pub(crate) fn decapsulate< && libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return decapsulate_generic::< + return neon::decapsulate_generic::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -612,8 +607,6 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - crate::vector::SIMD128Vector, - hash_functions::neon::Simd128Hash, >(private_key, ciphertext); #[cfg(not(feature = "simd128"))] return portable::decapsulate_generic::< From a3de8b1f7ae4e9d9f5176ad5e5fd98838a622741 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 4 Jun 2024 20:40:11 -0700 Subject: [PATCH 03/74] Update config --- libcrux-ml-kem/c.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 1c8e4cff8..21e194915 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -35,6 +35,8 @@ files: monomorphizations_using: - [libcrux_sha3, neon, "*"] - [libcrux_sha3, simd, arm64, "*"] + monomorphizations_exact: + - [libcrux_sha3, generic_keccak, "KeccakState__core_core_arch_arm_shared_neon_uint64x2_t_$2size_t"] include_in_h: - '"intrinsics/libcrux_intrinsics_arm64.h"' From 01899c131b68299a6f910ff62a0c7902ed75dbbd Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 5 Jun 2024 10:41:52 +0200 Subject: [PATCH 04/74] add `Cargo.lock` --- .gitignore | 1 - Cargo.lock | 2006 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 2006 insertions(+), 1 deletion(-) create mode 100644 Cargo.lock diff --git a/.gitignore b/.gitignore index f2eb8a8ef..71e87e917 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ /target -/Cargo.lock .vscode .DS_Store benches/boringssl/build diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 000000000..afa7a0389 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,2006 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstream" +version = "0.6.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" + +[[package]] +name = "anstyle-parse" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad186efb764318d35165f1758e7dcef3b10628e26d41a44bc5550652e6804391" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" +dependencies = [ + "anstyle", + "windows-sys", +] + +[[package]] +name = "arbitrary" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110" + +[[package]] +name = "autocfg" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "benchmarks" +version = "0.0.2-pre.2" +dependencies = [ + "chacha20poly1305", + "criterion", + "curve25519-dalek", + "lib25519", + "libcrux", + "libjade-sys", + "openssl", + "p256", + "pqcrypto-kyber", + "rand", + "rand_core", + "ring", + "sha2", + "sha3", + "x25519-dalek", + "x25519-dalek-ng", +] + +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn 2.0.66", + "which", +] + +[[package]] +name = "bitflags" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cast" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" + +[[package]] +name = "cc" +version = "1.0.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" +dependencies = [ + "jobserver", + "libc", + "once_cell", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "clap" +version = "4.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "clap_lex" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" + +[[package]] +name = "colorchoice" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" + +[[package]] +name = "console_error_panic_hook" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc" +dependencies = [ + "cfg-if", + "wasm-bindgen", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +dependencies = [ + "libc", +] + +[[package]] +name = "criterion" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f" +dependencies = [ + "anes", + "cast", + "ciborium", + "clap", + "criterion-plot", + "is-terminal", + "itertools 0.10.5", + "num-traits", + "once_cell", + "oorandom", + "plotters", + "rayon", + "regex", + "serde", + "serde_derive", + "serde_json", + "tinytemplate", + "walkdir", +] + +[[package]] +name = "criterion-plot" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" +dependencies = [ + "cast", + "itertools 0.10.5", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" + +[[package]] +name = "crunchy" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "rand_core", + "typenum", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "fiat-crypto", + "platforms", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "curve25519-dalek-ng" +version = "4.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core", + "subtle-ng", + "zeroize", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "either" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "env_logger" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a19187fea3ac7e84da7dacf48de0c45d63c6a76f9490dae389aead16c243fce3" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" +dependencies = [ + "humantime", + "is-terminal", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "errno" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "half" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888" +dependencies = [ + "cfg-if", + "crunchy", +] + +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +dependencies = [ + "serde", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "is-terminal" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" + +[[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "keccak" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "lib25519" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "libc", + "pkg-config", +] + +[[package]] +name = "libc" +version = "0.2.155" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" + +[[package]] +name = "libcrux" +version = "0.0.2-pre.2" +dependencies = [ + "clap", + "getrandom", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hex", + "libcrux", + "libcrux-hacl", + "libcrux-platform", + "log", + "pretty_env_logger", + "quickcheck", + "quickcheck_macros", + "rand", + "rand_core", + "serde", + "serde_json", + "wasm-bindgen", + "wasm-bindgen-test", +] + +[[package]] +name = "libcrux-fuzz" +version = "0.0.0" +dependencies = [ + "libcrux", + "libfuzzer-sys", + "rand", +] + +[[package]] +name = "libcrux-hacl" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "hex", + "libcrux-platform", + "wasm-bindgen-test", +] + +[[package]] +name = "libcrux-intrinsics" +version = "0.0.2-pre.2" +dependencies = [ + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", +] + +[[package]] +name = "libcrux-ml-dsa" +version = "0.0.2-pre.2" +dependencies = [ + "hex", + "libcrux-sha3", + "serde", + "serde_json", +] + +[[package]] +name = "libcrux-ml-kem" +version = "0.0.2-pre.2" +dependencies = [ + "criterion", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hex", + "libcrux-intrinsics", + "libcrux-ml-kem", + "libcrux-platform", + "libcrux-sha3", + "rand", + "rand_core", + "serde", + "serde_json", +] + +[[package]] +name = "libcrux-platform" +version = "0.0.2-pre.2" +dependencies = [ + "libc", +] + +[[package]] +name = "libcrux-pqclean" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "fs_extra", +] + +[[package]] +name = "libcrux-sha3" +version = "0.0.2-pre.2" +dependencies = [ + "criterion", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hex", + "libcrux-intrinsics", + "libcrux-platform", + "rand", +] + +[[package]] +name = "libcrux-simd" +version = "0.0.2-pre.2" +dependencies = [ + "libcrux-platform", +] + +[[package]] +name = "libfuzzer-sys" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a96cfd5557eb82f2b83fed4955246c988d331975a002961b07c81584d107e7f7" +dependencies = [ + "arbitrary", + "cc", + "once_cell", +] + +[[package]] +name = "libjade-sys" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "libcrux-platform", + "pretty_env_logger", +] + +[[package]] +name = "libloading" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" + +[[package]] +name = "log" +version = "0.4.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" + +[[package]] +name = "memchr" +version = "2.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-bigint" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "oorandom" +version = "11.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "openssl" +version = "0.10.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "openssl-sys" +version = "0.9.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + +[[package]] +name = "platforms" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" + +[[package]] +name = "plotters" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +dependencies = [ + "num-traits", + "plotters-backend", + "plotters-svg", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "plotters-backend" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" + +[[package]] +name = "plotters-svg" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +dependencies = [ + "plotters-backend", +] + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "pqcrypto-internals" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9d34bec6abe2283e6de7748b68b292d1ffa2203397e3e71380ff8418a49fb46" +dependencies = [ + "cc", + "dunce", + "getrandom", + "libc", +] + +[[package]] +name = "pqcrypto-kyber" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15c00293cf898859d0c771455388054fd69ab712263c73fdc7f287a39b1ba000" +dependencies = [ + "cc", + "glob", + "libc", + "pqcrypto-internals", + "pqcrypto-traits", +] + +[[package]] +name = "pqcrypto-traits" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94e851c7654eed9e68d7d27164c454961a616cf8c203d500607ef22c737b51bb" + +[[package]] +name = "pretty_env_logger" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "865724d4dbe39d9f3dd3b52b88d859d66bcb2d6a0acfd5ea68a65fb66d4bdc1c" +dependencies = [ + "env_logger 0.10.2", + "log", +] + +[[package]] +name = "prettyplease" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +dependencies = [ + "proc-macro2", + "syn 2.0.66", +] + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro-error" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +dependencies = [ + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn 1.0.109", + "version_check", +] + +[[package]] +name = "proc-macro-error-attr" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +dependencies = [ + "proc-macro2", + "quote", + "version_check", +] + +[[package]] +name = "proc-macro2" +version = "1.0.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quickcheck" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6" +dependencies = [ + "env_logger 0.8.4", + "log", + "rand", +] + +[[package]] +name = "quickcheck_macros" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b22a693222d716a9587786f37ac3f6b4faedb5b80c23914e7303ff5a1d8016e9" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "quote" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rayon" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "regex" +version = "1.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ring" +version = "0.17.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +dependencies = [ + "cc", + "cfg-if", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys", +] + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "0.38.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "ryu" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "scoped-tls" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" + +[[package]] +name = "serde" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "serde_json" +version = "1.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.7", +] + +[[package]] +name = "sha3" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +dependencies = [ + "digest 0.10.7", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "subtle-ng" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "734676eb262c623cec13c3155096e08d1f8f29adce39ba17948b18dad1e54142" + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.66" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "tinytemplate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "utf8parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" + +[[package]] +name = "uuid" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" +dependencies = [ + "getrandom", +] + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn 2.0.66", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +dependencies = [ + "cfg-if", + "js-sys", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" + +[[package]] +name = "wasm-bindgen-test" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +dependencies = [ + "console_error_panic_hook", + "js-sys", + "scoped-tls", + "wasm-bindgen", + "wasm-bindgen-futures", + "wasm-bindgen-test-macro", +] + +[[package]] +name = "wasm-bindgen-test-macro" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "web-sys" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] +name = "winapi-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" + +[[package]] +name = "x25519-dalek" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" +dependencies = [ + "curve25519-dalek", + "rand_core", + "serde", + "zeroize", +] + +[[package]] +name = "x25519-dalek-ng" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" +dependencies = [ + "curve25519-dalek-ng", + "rand", + "rand_core", + "zeroize", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] From efcea30708d6223a5e6251e13d777bb0d589998e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 5 Jun 2024 14:57:11 +0200 Subject: [PATCH 05/74] more separation and a config experiment --- libcrux-ml-kem/c.sh | 2 + libcrux-ml-kem/c.yaml | 49 +- libcrux-ml-kem/c/eurydice_glue.h | 4 + libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- ...mlkem768.h => libcrux_mlkem768_portable.h} | 11 +- .../c/internal/libcrux_mlkem_avx2.h | 35 +- .../c/internal/libcrux_polynomial.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 55 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 248 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 36 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 248 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 36 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 2288 +---------------- libcrux-ml-kem/c/libcrux_mlkem768.h | 7 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 93 + libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 57 + libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2250 ++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 60 + libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 3 +- libcrux-ml-kem/c/libcrux_platform.c | 8 - libcrux-ml-kem/c/libcrux_platform.h | 2 +- libcrux-ml-kem/c/libcrux_polynomial.c | 87 +- libcrux-ml-kem/c/libcrux_polynomial.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 3 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 14 +- .../c/libcrux_sha3_libcrux_ml_kem.h | 219 ++ libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/src/ind_cca.rs | 507 +--- libcrux-ml-kem/src/ind_cca/instantiations.rs | 144 ++ libcrux-ml-kem/src/ind_cca/multiplexing.rs | 358 +++ libcrux-ml-kem/src/mlkem1024.rs | 8 +- libcrux-ml-kem/src/mlkem512.rs | 8 +- libcrux-ml-kem/src/mlkem768.rs | 22 +- 40 files changed, 3898 insertions(+), 3108 deletions(-) rename libcrux-ml-kem/c/internal/{libcrux_mlkem768.h => libcrux_mlkem768_portable.h} (96%) create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.h delete mode 100644 libcrux-ml-kem/c/libcrux_platform.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h create mode 100644 libcrux-ml-kem/src/ind_cca/instantiations.rs create mode 100644 libcrux-ml-kem/src/ind_cca/multiplexing.rs diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index cf72853bb..17af9d262 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -50,6 +50,8 @@ fi mkdir -p c cd c +rm -rf *.c *.h +rm -rf internal/*.h echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 21e194915..4348c51aa 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -1,17 +1,17 @@ files: # INTRINSICS - - name: libcrux_intrinsics_neon - library: true - inline_static: true - api: - - [libcrux_intrinsics, arm64] - - - name: libcrux_intrinsics_avx2 - library: true - inline_static: true - api: - - [libcrux_intrinsics, avx2] + # - name: libcrux_intrinsics_neon + # library: true + # inline_static: true + # api: + # - [libcrux_intrinsics, arm64] + + # - name: libcrux_intrinsics_avx2 + # library: true + # inline_static: true + # api: + # - [libcrux_intrinsics, avx2] - name: libcrux_platform api: @@ -182,6 +182,16 @@ files: api: - [libcrux_ml_kem, mlkem512] + - name: libcrux_mlkem768_avx2 + api: + - [libcrux_ml_kem, mlkem768, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + + - name: libcrux_mlkem768_portable + api: + - [libcrux_ml_kem, mlkem768, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + - name: libcrux_mlkem768 api: - [libcrux_ml_kem, mlkem768] @@ -190,9 +200,20 @@ files: api: - [libcrux_ml_kem, mlkem1024] - # Just a few constants not caught by anything above. Most likely can go into - # core or polynomial (TODO: try it). - - name: libcrux_mlkem_common + - name: libcrux_mlkem_multiplexing + private: + - [libcrux_ml_kem, ind_cca, multiplexing] + inline_static: true + + - name: libcrux_mlkem_ind_cca private: + - [libcrux_ml_kem, ind_cca] - [libcrux_ml_kem, "*"] inline_static: true + + # # Just a few constants not caught by anything above. Most likely can go into + # # core or polynomial (TODO: try it). + # - name: libcrux_mlkem_common + # private: + # - [libcrux_ml_kem, "*"] + # inline_static: true diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index f798f970b..bd794c456 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -155,9 +155,13 @@ static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { ? ((ret_t){.tag = core_option_None}) \ : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) +// Old name (TODO: remove once everyone has upgraded to the latest Charon) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 0ca3a224a..36a6ebec0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h similarity index 96% rename from libcrux-ml-kem/c/internal/libcrux_mlkem768.h rename to libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h index 23d48e22f..f5fcb4e07 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h @@ -2,20 +2,19 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ -#ifndef __internal_libcrux_mlkem768_H -#define __internal_libcrux_mlkem768_H +#ifndef __internal_libcrux_mlkem768_portable_H +#define __internal_libcrux_mlkem768_portable_H #if defined(__cplusplus) extern "C" { #endif -#include "../libcrux_mlkem768.h" +#include "../libcrux_mlkem768_portable.h" #include "eurydice_glue.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_internal.h" @@ -140,5 +139,5 @@ void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_ke } #endif -#define __internal_libcrux_mlkem768_H_DEFINED +#define __internal_libcrux_mlkem768_portable_H_DEFINED #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 6894d3c1f..4c7241790 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -18,56 +18,53 @@ extern "C" { #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_avx2.h" -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value); +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value); +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value); +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 57393f611..2c122c65d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_polynomial_H @@ -26,6 +26,9 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ + ((int16_t)1353) + #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) @@ -131,9 +134,6 @@ size_t libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out); -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ - ((int16_t)1353) - typedef struct K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index cf31957cc..11ada5b26 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c74eb7f77..58f4859bb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H @@ -124,6 +124,59 @@ static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; +static inline void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o20[1U]; + memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o1); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o20, (size_t)168U); + Eurydice_slice o2[1U]; + memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o30[1U]; + memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o2); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o30, (size_t)168U); + Eurydice_slice o3[1U]; + memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o4[1U]; + memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o4); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( + s, buf); +} + static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 087bc8187..8b69e17c9 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7e5b4a58b..45892cc6d 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 42254373d..ed08e6f30 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -2,17 +2,27 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem1024.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_internal.h" +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( void) { @@ -472,16 +482,17 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { - if (!!done) { + if (done) { break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uu____2, sampled_coefficients, out); } int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); @@ -987,7 +998,7 @@ encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port } static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]) { @@ -1072,30 +1083,31 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static void decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____2); - } else { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } void libcrux_ml_kem_mlkem1024_decapsulate( @@ -1108,6 +1120,17 @@ void libcrux_ml_kem_mlkem1024_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( @@ -1117,7 +1140,7 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { } static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -1178,37 +1201,39 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu return lit; } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ - uu____2; - if (uu____1) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____2; + uu____0; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2); + return uu____0; } - return uu____2; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ @@ -1222,6 +1247,15 @@ libcrux_ml_kem_mlkem1024_encapsulate( uu____0, uu____1); } +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) { return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); @@ -1503,9 +1537,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); @@ -1535,38 +1578,33 @@ generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ha uu____4)); } +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____0; + if (libcrux_platform_platform_simd256_support()) { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____1); + return uu____0; } - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } else { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } - return uu____2; + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____2); + return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t @@ -1577,6 +1615,12 @@ libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + public_key); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) { return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); @@ -1618,8 +1662,8 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( +static inline bool +validate_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[4U]; @@ -1644,27 +1688,25 @@ validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536si (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return validate_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + public_key); +} + static bool validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - bool uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - public_key); - } else { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( + if (libcrux_platform_platform_simd256_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( public_key); + return uu____0; } - return uu____2; + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); + return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a8cd738ab..b23582faf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H @@ -78,19 +78,53 @@ extern "C" { LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_mlkem1024_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index a0170dede..ec48227d1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -2,17 +2,27 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem512.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem768.h" +#include "internal/libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_internal.h" +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) { return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); @@ -428,16 +438,17 @@ sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functi sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { - if (!!done) { + if (done) { break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uu____2, sampled_coefficients, out); } int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); @@ -889,7 +900,7 @@ encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_port } static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -974,30 +985,31 @@ decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static void decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____2); - } else { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } void libcrux_ml_kem_mlkem512_decapsulate( @@ -1010,6 +1022,17 @@ void libcrux_ml_kem_mlkem512_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( @@ -1019,7 +1042,7 @@ static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { } static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -1080,37 +1103,39 @@ encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_fu return lit; } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ - uu____2; - if (uu____1) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____2; + uu____0; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____1, uu____2); + return uu____0; } - return uu____2; + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4); + return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ @@ -1124,6 +1149,15 @@ libcrux_ml_kem_mlkem512_encapsulate( uu____0, uu____1); } +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) { return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); @@ -1405,9 +1439,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); @@ -1437,38 +1480,33 @@ generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_ha uu____4)); } +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____0; + if (libcrux_platform_platform_simd256_support()) { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____1); + return uu____0; } - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } else { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } - return uu____2; + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____2); + return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t @@ -1479,6 +1517,12 @@ libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + public_key); +} + static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) { return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); @@ -1520,8 +1564,8 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); } -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( +static inline bool +validate_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector deserialized_pk[2U]; @@ -1546,27 +1590,25 @@ validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768siz (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return validate_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + public_key); +} + static bool validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - bool uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - public_key); - } else { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( + if (libcrux_platform_platform_simd256_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( public_key); + return uu____0; } - return uu____2; + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key); + return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 8dc3973a5..3dfe05c0c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_H @@ -76,19 +76,53 @@ extern "C" { LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_mlkem512_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 545e481f7..01b9e83cb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -2,1708 +2,28 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ -#include "internal/libcrux_mlkem768.h" +#include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -typedef struct - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s { - libcrux_ml_kem_vector_PortableVector fst; - libcrux_ml_kem_vector_PortableVector snd; -} __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - b, zeta_r); - b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - a, &t); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - a, &t); - return (( - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, .snd = b}); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_PortableVector a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - b, &a); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - a_minus_b, zeta_r); - return (( - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, .snd = b}); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - v, result); - return result; -} - -void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0]); - libcrux_ml_kem_vector_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____3size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; -} PortableHash____3size_t; - -static inline PortableHash____3size_t shake128_init_absorb___3size_t( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy( - uu____1, state, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - PortableHash____3size_t lit; - memcpy( - lit.shake128_state, uu____1, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U]) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (!!done) { - break; - } - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U])); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t uu____2 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t random_bits_as_u32 = - uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t random_bits_as_u24 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - randomness); - return uu____0; -} - -static inline void ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_PortableVector t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficients = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - coefficients, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -static void -decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} static void decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - uint8_t uu____2[32U]; - if (uu____1) { - libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____2); - } else { - decapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____2); - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____2, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } void libcrux_ml_kem_mlkem768_decapsulate( @@ -1716,107 +36,28 @@ void libcrux_ml_kem_mlkem768_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ - uu____2; - if (uu____1) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____2 = - encapsulate_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____2; - } - return uu____2; + uu____0; + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2); + return uu____0; + } + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ @@ -1830,378 +71,24 @@ libcrux_ml_kem_mlkem768_encapsulate( uu____0, uu____1); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } else { - uu____2 = - generate_keypair_generic__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness, implicit_rejection_value); - } - return uu____2; + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____0; + if (libcrux_platform_platform_simd256_support()) { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____1); + return uu____0; + } + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____2); + return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t @@ -2212,94 +99,19 @@ libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { uu____0); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static bool -validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - static bool validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { bool uu____0; - uu____0 = true; - bool uu____1; - if (uu____0) { - uu____1 = libcrux_platform_platform_simd256_support(); - } else { - uu____1 = false; - } - bool uu____2; - if (uu____1) { - uu____2 = - libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - public_key); - } else { - uu____2 = - validate_public_key_generic__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + if (libcrux_platform_platform_simd256_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( public_key); + return uu____0; } - return uu____2; + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); + return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 87e876a6c..9674c7990 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_H @@ -14,10 +14,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem768_avx2.h" +#include "libcrux_mlkem768_portable.h" #include "libcrux_platform.h" -#include "libcrux_polynomial.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c new file mode 100644 index 000000000..dc8fa29e8 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -0,0 +1,93 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768_avx2.h" + +#include "internal/libcrux_mlkem_avx2.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h new file mode 100644 index 000000000..a2c748d16 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -0,0 +1,57 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_avx2_H +#define __libcrux_mlkem768_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c new file mode 100644 index 000000000..cd051f9ba --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -0,0 +1,2250 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_mlkem768_portable.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( + serialized); + return uu____0; +} + +typedef struct + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s { + libcrux_ml_kem_vector_PortableVector fst; + libcrux_ml_kem_vector_PortableVector snd; +} __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_PortableVector t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + b, zeta_r); + b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + a, &t); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, .snd = b}); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer, size_t _initial_coefficient_bound) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_PortableVector uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( + re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( + serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t _layer) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_vector_PortableVector a, + libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_PortableVector a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + b, &a); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ + .fst = a, .snd = b}); +} + +void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + v, result); + return result; +} + +void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0]); + libcrux_ml_kem_vector_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( + bytes); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +typedef struct PortableHash____3size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; +} PortableHash____3size_t; + +static inline PortableHash____3size_t shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + memcpy( + uu____1, state, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + PortableHash____3size_t lit; + memcpy( + lit.shake128_state, uu____1, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + int16_t s[272U]) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U])); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( + randomness); + return uu____0; +} + +static inline void ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_PortableVector t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_PortableVector uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_PortableVector uu____0 = + libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficients = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +static void +decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + matrix_element, &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_PortableVector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline bool +validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h new file mode 100644 index 000000000..5536e97a2 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -0,0 +1,60 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_portable_H +#define __libcrux_mlkem768_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_polynomial.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b5c800a4a..79f472cbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1747,7 +1747,7 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[2U]; @@ -2023,16 +2023,17 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { - if (!!done) { + if (done) { break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uu____2, sampled_coefficients, out); } int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); @@ -2763,9 +2764,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); @@ -3745,7 +3755,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4411,7 +4421,7 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -4607,7 +4617,7 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[4U]; @@ -4893,16 +4903,17 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { - if (!!done) { + if (done) { break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uu____2, sampled_coefficients, out); } int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); @@ -5327,9 +5338,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); @@ -5778,7 +5798,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6029,7 +6049,7 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]) { @@ -6225,7 +6245,7 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialized_pk[3U]; @@ -6495,16 +6515,17 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { - if (!!done) { + if (done) { break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uu____2, sampled_coefficients, out); } int16_t uu____3[3U][272U]; memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); @@ -6921,9 +6942,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice ind_cpa_keypair_randomness, - Eurydice_slice implicit_rejection_value) { +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); @@ -7297,7 +7327,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7507,7 +7537,7 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate_generic__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e02130610..08c2017a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem_avx2_H @@ -16,6 +16,7 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3.h" #include "libcrux_sha3_avx2.h" +#include "libcrux_sha3_libcrux_ml_kem.h" core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); diff --git a/libcrux-ml-kem/c/libcrux_platform.c b/libcrux-ml-kem/c/libcrux_platform.c deleted file mode 100644 index b1f487d73..000000000 --- a/libcrux-ml-kem/c/libcrux_platform.c +++ /dev/null @@ -1,8 +0,0 @@ -// HAND-WRITTEN FILE - -#include - -bool libcrux_platform_platform_simd256_support(void) { - // TODO: query cpuid and cache the results!! - return true; -} diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 067b38338..988a2e7f2 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 205c79c9d..23913a64a 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_polynomial.h" @@ -678,15 +678,26 @@ static libcrux_ml_kem_vector_PortableVector bitwise_and_with_constant0( static inline libcrux_ml_kem_vector_PortableVector cond_subtract_3329( libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) { - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; } + return v; } - return v; } libcrux_ml_kem_vector_PortableVector @@ -2027,28 +2038,50 @@ static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) { int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - uu____1 = sampled < (size_t)16U; - } else { - uu____1 = false; + if (sampled < (size_t)16U) { + int16_t uu____8 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____8; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; if (uu____1) { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - uu____3 = sampled < (size_t)16U; - } else { - uu____3 = false; - } - if (uu____3) { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } } } } diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h index b2778ad46..1a90c137d 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/libcrux_polynomial.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_polynomial_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7b01575cc..87bfd1a1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index aa58cae66..49e0302b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_sha3_avx2.h" @@ -1465,7 +1465,7 @@ keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8b2942720..1401fee38 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H @@ -16,6 +16,7 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +#include "libcrux_sha3_libcrux_ml_kem.h" typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 9e2be9949..e796057eb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H @@ -1090,7 +1090,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; @@ -1367,7 +1367,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; @@ -1644,7 +1644,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; @@ -1921,7 +1921,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; @@ -2029,7 +2029,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; @@ -2306,7 +2306,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option__size_t) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h new file mode 100644 index 000000000..4f8d3f20c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -0,0 +1,219 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_sha3_libcrux_ml_kem_H +#define __libcrux_sha3_libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_add_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_add_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_and_si256( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_andnot_si256( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_blend_epi16( + int32_t x0, core_core_arch_x86___m256i x1, core_core_arch_x86___m256i x2); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_castsi128_si256( + core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm256_castsi256_si128( + core_core_arch_x86___m256i x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_cmpgt_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_cvtepi16_epi32( + core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, + core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_inserti128_si256(int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m128i x2); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_slice x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_madd_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mul_epu32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mulhi_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mullo_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mullo_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_packs_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permute2x128_si256(int32_t x0, + core_core_arch_x86___m256i x1, + core_core_arch_x86___m256i x2); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, + core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16( + int16_t x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32( + int32_t x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x( + int64_t x0); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi32( + int32_t x0, int32_t x1, int32_t x2, int32_t x3, int32_t x4, int32_t x5, + int32_t x6, int32_t x7); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( + int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, + int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, + int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, + int8_t x19, int8_t x20, int8_t x21, int8_t x22, int8_t x23, int8_t x24, + int8_t x25, int8_t x26, int8_t x27, int8_t x28, int8_t x29, int8_t x30, + int8_t x31); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256( + void); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_shuffle_epi32( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_shuffle_epi8( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi16( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi32( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi64( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_sllv_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srai_epi16( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srai_epi32( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi16( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi32( + int32_t x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi64( + int32_t x0, core_core_arch_x86___m256i x1); + +extern void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice x0, core_core_arch_x86___m256i x1); + +extern void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_sub_epi16( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpackhi_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpacklo_epi32( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpacklo_epi64( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_xor_si256( + core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice x0); + +extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( + core_core_arch_x86___m128i x0); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( + int16_t x0); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( + uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, + uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, + uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_shuffle_epi8( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +extern void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_slice x0, core_core_arch_x86___m128i x1); + +extern void libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice x0, core_core_arch_x86___m128i x1); + +extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( + core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index bbc97948d..3d3d86bf4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 7a7e2c455..0a665654b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 96d12198 + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ecb22e165..3c67ef508 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -24,150 +24,13 @@ pub const ENCAPS_SEED_SIZE: usize = SHARED_SECRET_SIZE; /// A byte array of size [`SHARED_SECRET_SIZE`]. pub type MlKemSharedSecret = [u8; SHARED_SECRET_SIZE]; -macro_rules! instantiate { - ($modp:ident, $vector:path, $hash:path) => { - pub mod $modp { - use crate::{ - MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, - KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, - }; +/// This module instantiates the functions in this file and multiplexes between +/// different implementations at runtime. +pub(crate) mod multiplexing; - /// Portable generate key pair. - pub(crate) fn generate_keypair_generic< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - >( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKemKeyPair { - super::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - $vector, - $hash, - >(randomness) - } - - /// Portable public key validation - pub(crate) fn validate_public_key_generic< - const K: usize, - const RANKED_BYTES_PER_RING_ELEMENT: usize, - const PUBLIC_KEY_SIZE: usize, - >( - public_key: &[u8; PUBLIC_KEY_SIZE], - ) -> bool { - super::validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - $vector, - >(public_key) - } - - /// Portable encapsualte - pub(crate) fn encapsulate_generic< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - >( - public_key: &MlKemPublicKey, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKemCiphertext, MlKemSharedSecret) { - super::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - $vector, - $hash, - >(public_key, randomness) - } - - /// Portable decapsulate - pub fn decapsulate_generic< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - >( - private_key: &MlKemPrivateKey, - ciphertext: &MlKemCiphertext, - ) -> MlKemSharedSecret { - super::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - $vector, - $hash, - >(private_key, ciphertext) - } - } - }; -} - -// Portable generic implementations. -instantiate! {portable, crate::vector::PortableVector, crate::hash_functions::portable::PortableHash} - -// AVX2 generic implementation. -#[cfg(feature = "simd256")] -instantiate! {avx2, crate::vector::SIMD256Vector, crate::hash_functions::avx2::Simd256Hash} - -// NEON generic implementation. -#[cfg(feature = "simd128")] -instantiate! {neon, crate::vector::SIMD128Vector, crate::hash_functions::neon::Simd128Hash} +/// This module instantiates the functions in this file for each platform. +/// To use these, runtime checks must be performed before calling them. +pub(crate) mod instantiations; /// Serialize the secret key. #[inline(always)] @@ -189,49 +52,8 @@ fn serialize_kem_secret_key( - public_key: &[u8; PUBLIC_KEY_SIZE], -) -> bool { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return avx2::validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - portable::validate_public_key_generic::( - public_key, - ) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return neon::validate_public_key_generic::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key); - #[cfg(not(feature = "simd128"))] - portable::validate_public_key_generic::( - public_key, - ) - } else { - portable::validate_public_key_generic::( - public_key, - ) - } -} - -fn validate_public_key_generic< +#[inline(always)] +fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, const PUBLIC_KEY_SIZE: usize, @@ -251,84 +73,11 @@ fn validate_public_key_generic< *public_key == public_key_serialized } -pub(crate) fn generate_keypair< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, ->( - randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> MlKemKeyPair { - // Runtime feature detection. - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return avx2::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - portable::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return neon::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness); - #[cfg(not(feature = "simd128"))] - portable::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } else { - portable::generate_keypair_generic::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } -} - /// Generate a key pair. /// /// Depending on the `Vector` and `Hasher` used, this requires different hardware /// features -fn generate_keypair_generic< +fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, const PRIVATE_KEY_SIZE: usize, @@ -366,116 +115,7 @@ fn generate_keypair_generic< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } -pub(crate) fn encapsulate< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, ->( - public_key: &MlKemPublicKey, - randomness: [u8; SHARED_SECRET_SIZE], -) -> (MlKemCiphertext, MlKemSharedSecret) { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return avx2::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - portable::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { - #[cfg(not(feature = "simd128"))] - return portable::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - neon::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } else { - portable::encapsulate_generic::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } -} - -fn encapsulate_generic< +fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, const PUBLIC_KEY_SIZE: usize, @@ -539,133 +179,6 @@ pub(crate) fn decapsulate< const ETA2: usize, const ETA2_RANDOMNESS_SIZE: usize, const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, ->( - private_key: &MlKemPrivateKey, - ciphertext: &MlKemCiphertext, -) -> MlKemSharedSecret { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] - return avx2::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] - return portable::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - return neon::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - #[cfg(not(feature = "simd128"))] - return portable::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - } else { - portable::decapsulate_generic::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) - } -} - -pub(crate) fn decapsulate_generic< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, Vector: Operations, Hasher: Hash, >( diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs new file mode 100644 index 000000000..0df88acef --- /dev/null +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -0,0 +1,144 @@ +macro_rules! instantiate { + ($modp:ident, $vector:path, $hash:path) => { + pub mod $modp { + use crate::{ + MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, + KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + }; + + /// Portable generate key pair. + pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPair { + crate::ind_cca::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + >(randomness) + } + + /// Portable public key validation + pub(crate) fn validate_public_key< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + public_key: &[u8; PUBLIC_KEY_SIZE], + ) -> bool { + crate::ind_cca::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + $vector, + >(public_key) + } + + /// Portable encapsualte + pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + >( + public_key: &MlKemPublicKey, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + crate::ind_cca::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + $vector, + $hash, + >(public_key, randomness) + } + + /// Portable decapsulate + pub fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + crate::ind_cca::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + $vector, + $hash, + >(private_key, ciphertext) + } + } + }; +} + +// Portable generic implementations. +instantiate! {portable, crate::vector::PortableVector, crate::hash_functions::portable::PortableHash} + +// AVX2 generic implementation. +#[cfg(feature = "simd256")] +instantiate! {avx2, crate::vector::SIMD256Vector, crate::hash_functions::avx2::Simd256Hash} + +// NEON generic implementation. +#[cfg(feature = "simd128")] +instantiate! {neon, crate::vector::SIMD128Vector, crate::hash_functions::neon::Simd128Hash} diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs new file mode 100644 index 000000000..513ebca3f --- /dev/null +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -0,0 +1,358 @@ +use super::*; + +pub(crate) fn validate_public_key< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, +>( + public_key: &[u8; PUBLIC_KEY_SIZE], +) -> bool { + if cfg!(feature = "simd256") + && cfg!(target_arch = "x86_64") + && libcrux_platform::simd256_support() + { + #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + return instantiations::avx2::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + >(public_key); + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + instantiations::portable::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + >(public_key) + } else if cfg!(feature = "simd128") + && cfg!(target_arch = "aarch64") + && libcrux_platform::simd128_support() + { + #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + return instantiations::neon::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + >(public_key); + #[cfg(not(feature = "simd128"))] + instantiations::portable::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + >(public_key) + } else { + instantiations::portable::validate_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + >(public_key) + } +} + +pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, +>( + randomness: [u8; KEY_GENERATION_SEED_SIZE], +) -> MlKemKeyPair { + // Runtime feature detection. + if cfg!(feature = "simd256") + && cfg!(target_arch = "x86_64") + && libcrux_platform::simd256_support() + { + #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + return instantiations::avx2::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness); + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + instantiations::portable::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } else if cfg!(feature = "simd128") + && cfg!(target_arch = "aarch64") + && libcrux_platform::simd128_support() + { + #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + return instantiations::neon::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness); + #[cfg(not(feature = "simd128"))] + instantiations::portable::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } else { + instantiations::portable::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } +} + +pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, +>( + public_key: &MlKemPublicKey, + randomness: [u8; SHARED_SECRET_SIZE], +) -> (MlKemCiphertext, MlKemSharedSecret) { + if cfg!(feature = "simd256") + && cfg!(target_arch = "x86_64") + && libcrux_platform::simd256_support() + { + #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + return instantiations::avx2::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness); + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + instantiations::portable::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } else if cfg!(feature = "simd128") + && cfg!(target_arch = "aarch64") + && libcrux_platform::simd128_support() + { + #[cfg(not(feature = "simd128"))] + return instantiations::portable::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness); + #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + instantiations::neon::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } else { + instantiations::portable::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } +} + +pub(crate) fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, +>( + private_key: &MlKemPrivateKey, + ciphertext: &MlKemCiphertext, +) -> MlKemSharedSecret { + if cfg!(feature = "simd256") + && cfg!(target_arch = "x86_64") + && libcrux_platform::simd256_support() + { + #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + return instantiations::avx2::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext); + #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + return instantiations::portable::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext); + } else if cfg!(feature = "simd128") + && cfg!(target_arch = "aarch64") + && libcrux_platform::simd128_support() + { + #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + return instantiations::neon::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext); + #[cfg(not(feature = "simd128"))] + return instantiations::portable::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext); + } else { + instantiations::portable::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } +} diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 3fbbd251d..8ca4e0cec 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -49,7 +49,7 @@ pub type MlKem1024KeyPair = MlKemKeyPair Option { - if ind_cca::validate_public_key::< + if multiplexing::validate_public_key::< RANK_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, @@ -70,7 +70,7 @@ pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option MlKemKeyPair { - generate_keypair::< + multiplexing::generate_keypair::< RANK_1024, CPA_PKE_SECRET_KEY_SIZE_1024, SECRET_KEY_SIZE_1024, @@ -90,7 +90,7 @@ pub fn encapsulate( public_key: &MlKem1024PublicKey, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { - ind_cca::encapsulate::< + multiplexing::encapsulate::< RANK_1024, CPA_PKE_CIPHERTEXT_SIZE_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, @@ -115,7 +115,7 @@ pub fn decapsulate( private_key: &MlKem1024PrivateKey, ciphertext: &MlKem1024Ciphertext, ) -> MlKemSharedSecret { - ind_cca::decapsulate::< + multiplexing::decapsulate::< RANK_1024, SECRET_KEY_SIZE_1024, CPA_PKE_SECRET_KEY_SIZE_1024, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index d5dc4ab47..32c8a6118 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -47,7 +47,7 @@ pub type MlKem512KeyPair = MlKemKeyPair Option { - if ind_cca::validate_public_key::< + if multiplexing::validate_public_key::< RANK_512, RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512, @@ -66,7 +66,7 @@ pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option MlKem512KeyPair { - generate_keypair::< + multiplexing::generate_keypair::< RANK_512, CPA_PKE_SECRET_KEY_SIZE_512, SECRET_KEY_SIZE_512, @@ -86,7 +86,7 @@ pub fn encapsulate( public_key: &MlKem512PublicKey, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem512Ciphertext, MlKemSharedSecret) { - ind_cca::encapsulate::< + multiplexing::encapsulate::< RANK_512, CPA_PKE_CIPHERTEXT_SIZE_512, CPA_PKE_PUBLIC_KEY_SIZE_512, @@ -111,7 +111,7 @@ pub fn decapsulate( private_key: &MlKem512PrivateKey, ciphertext: &MlKem512Ciphertext, ) -> MlKemSharedSecret { - ind_cca::decapsulate::< + multiplexing::decapsulate::< RANK_512, SECRET_KEY_SIZE_512, CPA_PKE_SECRET_KEY_SIZE_512, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 132f33680..9fa1b03f3 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -55,7 +55,7 @@ macro_rules! instantiate { /// /// Returns `Some(public_key)` if valid, and `None` otherwise. pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { - if p::validate_public_key_generic::< + if p::validate_public_key::< RANK_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, @@ -71,7 +71,7 @@ macro_rules! instantiate { pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem768KeyPair { - p::generate_keypair_generic::< + p::generate_keypair::< RANK_768, CPA_PKE_SECRET_KEY_SIZE_768, SECRET_KEY_SIZE_768, @@ -91,7 +91,7 @@ macro_rules! instantiate { public_key: &MlKem768PublicKey, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem768Ciphertext, MlKemSharedSecret) { - p::encapsulate_generic::< + p::encapsulate::< RANK_768, CPA_PKE_CIPHERTEXT_SIZE_768, CPA_PKE_PUBLIC_KEY_SIZE_768, @@ -116,7 +116,7 @@ macro_rules! instantiate { private_key: &MlKem768PrivateKey, ciphertext: &MlKem768Ciphertext, ) -> MlKemSharedSecret { - p::decapsulate_generic::< + p::decapsulate::< RANK_768, SECRET_KEY_SIZE_768, CPA_PKE_SECRET_KEY_SIZE_768, @@ -141,17 +141,17 @@ macro_rules! instantiate { // Instantiations -instantiate! {portable, ind_cca::portable} +instantiate! {portable, ind_cca::instantiations::portable} #[cfg(feature = "simd256")] -instantiate! {avx2, ind_cca::avx2} +instantiate! {avx2, ind_cca::instantiations::avx2} #[cfg(feature = "simd128")] -instantiate! {neon, ind_cca::neon} +instantiate! {neon, ind_cca::instantiations::neon} /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { - if ind_cca::validate_public_key::< + if multiplexing::validate_public_key::< RANK_768, RANKED_BYTES_PER_RING_ELEMENT_768, CPA_PKE_PUBLIC_KEY_SIZE_768, @@ -177,7 +177,7 @@ pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option MlKem768KeyPair { - generate_keypair::< + multiplexing::generate_keypair::< RANK_768, CPA_PKE_SECRET_KEY_SIZE_768, SECRET_KEY_SIZE_768, @@ -197,7 +197,7 @@ pub fn encapsulate( public_key: &MlKem768PublicKey, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem768Ciphertext, MlKemSharedSecret) { - ind_cca::encapsulate::< + multiplexing::encapsulate::< RANK_768, CPA_PKE_CIPHERTEXT_SIZE_768, CPA_PKE_PUBLIC_KEY_SIZE_768, @@ -222,7 +222,7 @@ pub fn decapsulate( private_key: &MlKem768PrivateKey, ciphertext: &MlKem768Ciphertext, ) -> MlKemSharedSecret { - ind_cca::decapsulate::< + multiplexing::decapsulate::< RANK_768, SECRET_KEY_SIZE_768, CPA_PKE_SECRET_KEY_SIZE_768, From 34fc123b52d1499aa681c0a22240512c7581d859 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 5 Jun 2024 15:54:59 +0200 Subject: [PATCH 06/74] ci: update cargo dependencies --- .github/workflows/hax.yml | 3 +++ .github/workflows/mldsa.yml | 3 +++ .github/workflows/mlkem.yml | 6 ++++++ .github/workflows/platform.yml | 3 +++ .github/workflows/rust.yml | 3 +++ .github/workflows/specs.yml | 3 +++ 6 files changed, 21 insertions(+) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 9f7b6fc2d..c6f4f4748 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -28,6 +28,9 @@ jobs: - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Update dependencies + run: cargo update + - name: ⤵ Install FStar run: nix profile install github:FStarLang/FStar/v2024.01.13 diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index 03b6d91ad..a05d1e6c3 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index fe43c3025..4f3ed7102 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} @@ -168,6 +171,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/platform.yml b/.github/workflows/platform.yml index 84c4bf71f..796fd6956 100644 --- a/.github/workflows/platform.yml +++ b/.github/workflows/platform.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - name: 🔨 Build run: cargo build --verbose diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8f781c1f1..ee0e3f090 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -40,6 +40,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml index 043d3d801..83a79e802 100644 --- a/.github/workflows/specs.yml +++ b/.github/workflows/specs.yml @@ -41,6 +41,9 @@ jobs: - uses: actions/checkout@v3 + - name: Update dependencies + run: cargo update + - name: Build working-directory: specs run: cargo build --verbose From b52a87fb110e1152f8297be9cf20ddfcf67da521 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 5 Jun 2024 15:00:30 +0200 Subject: [PATCH 07/74] fix --- libcrux-ml-kem/c/CMakeLists.txt | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 1db8cb438..25829913a 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -108,13 +108,7 @@ target_link_libraries(sha3_test PRIVATE # --- Benchmarks -FetchContent_Populate(benchmark - GIT_REPOSITORY https://github.com/google/benchmark.git - # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 - # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f -) -add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) +find_package(benchmark) add_executable(ml_kem_bench ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc From 657a6eb5453fb1d96911d26b3a3c16fb3d921c2b Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 5 Jun 2024 10:46:42 +0200 Subject: [PATCH 08/74] nix --- .github/workflows/nix.yml | 13 ++ flake.lock | 434 ++++++++++++++++++++++++++++++++++++++ flake.nix | 77 +++++++ 3 files changed, 524 insertions(+) create mode 100644 .github/workflows/nix.yml create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 000000000..29db314d8 --- /dev/null +++ b/.github/workflows/nix.yml @@ -0,0 +1,13 @@ +name: Nix + +on: + push: + branches: [main] + +jobs: + nix: + runs-on: ubuntu-latest + steps: + - uses: DeterminateSystems/nix-installer-action@v12 + - uses: actions/checkout@v4 + - run: nix build -L .#ml-kem diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..c06ddd613 --- /dev/null +++ b/flake.lock @@ -0,0 +1,434 @@ +{ + "nodes": { + "charon": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "eurydice", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1717577599, + "narHash": "sha256-5LxkX4sCtd82/h3WXkbDP4eWQMP+7Wd2xhg6xLQXQV4=", + "owner": "aeneasverif", + "repo": "charon", + "rev": "a00876a9cd94e9ac63dbb71dae3df337b568dba3", + "type": "github" + }, + "original": { + "owner": "aeneasverif", + "repo": "charon", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "charon", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "eurydice": { + "inputs": { + "charon": [ + "charon" + ], + "flake-utils": "flake-utils_2", + "fstar": "fstar", + "karamel": "karamel", + "nixpkgs": [ + "eurydice", + "karamel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717520324, + "narHash": "sha256-w20SD6lKSjE5Zc7dLnCceF9EOHCZbWxyMDgqVds4f28=", + "owner": "aeneasverif", + "repo": "eurydice", + "rev": "9f8d759db7e7c8dfb406e1b373d316aadc5cdd98", + "type": "github" + }, + "original": { + "owner": "aeneasverif", + "repo": "eurydice", + "type": "github" + } + }, + "flake-compat": { + "locked": { + "lastModified": 1688025799, + "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fstar": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1716897445, + "narHash": "sha256-Ytz9l3PjhBHULVZphHoUj15Ad8Wq3cIK6Paus32NB1w=", + "owner": "FStarLang", + "repo": "fstar", + "rev": "9820798dcc31cd1ea5c164611a67f58ade0b7655", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "repo": "fstar", + "type": "github" + } + }, + "fstar_2": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1716897445, + "narHash": "sha256-Ytz9l3PjhBHULVZphHoUj15Ad8Wq3cIK6Paus32NB1w=", + "owner": "fstarlang", + "repo": "fstar", + "rev": "9820798dcc31cd1ea5c164611a67f58ade0b7655", + "type": "github" + }, + "original": { + "owner": "fstarlang", + "repo": "fstar", + "type": "github" + } + }, + "karamel": { + "inputs": { + "flake-utils": [ + "eurydice", + "karamel", + "fstar", + "flake-utils" + ], + "fstar": "fstar_2", + "nixpkgs": [ + "eurydice", + "karamel", + "fstar", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717454922, + "narHash": "sha256-3yseAxgtqchKisDIWvU2hxC5rqNbQd7HDAPo28Gnzpk=", + "owner": "FStarLang", + "repo": "karamel", + "rev": "749859845fed65d9391f4ba318c8cf27292a85ce", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "repo": "karamel", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1693158576, + "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1693158576, + "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1717196966, + "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "charon": "charon", + "crane": "crane_2", + "eurydice": "eurydice", + "flake-utils": "flake-utils_5", + "fstar": [ + "eurydice", + "fstar" + ], + "karamel": [ + "eurydice", + "karamel" + ], + "nixpkgs": "nixpkgs_3" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "charon", + "flake-utils" + ], + "nixpkgs": [ + "charon", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701656211, + "narHash": "sha256-lfFXsLWH4hVbEKR6K+UcDiKxeS6Lz4FkC1DZ9LHqf9Y=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "47a276e820ae4ae1b8d98a503bf09d2ceb52dfd8", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..7af9a4342 --- /dev/null +++ b/flake.nix @@ -0,0 +1,77 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + crane = { + url = "github:ipetkov/crane"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + charon = { + url = "github:aeneasverif/charon"; + inputs.nixpkgs.follows = "eurydice/nixpkgs"; + }; + eurydice = { + url = "github:aeneasverif/eurydice"; + inputs.charon.follows = "charon"; + }; + fstar.follows = "eurydice/fstar"; + karamel.follows = "eurydice/karamel"; + }; + + outputs = + inputs: + inputs.flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import inputs.nixpkgs { inherit system; }; + googletest = pkgs.fetchzip { + url = "https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip"; + sha256 = "SjlJxushfry13RGA7BCjYC9oZqV4z6x8dOiHfl/wpF0="; + }; + json = pkgs.fetchzip { + url = "https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip"; + sha256 = "EBzwaHyDWF8h/z3Zfq4p/n5Vpz7Ozlc3eoWDKXWv2YY="; + }; + craneLib = inputs.crane.mkLib pkgs; + src = ./.; + cargoArtifacts = craneLib.buildDepsOnly { inherit src; }; + ml-kem = craneLib.buildPackage { + inherit src cargoArtifacts; + name = "ml-kem"; + nativeBuildInputs = [ + pkgs.clang + pkgs.cmake + pkgs.gbenchmark + pkgs.ninja + pkgs.python3 + ]; + buildPhase = '' + cd libcrux-ml-kem + bash c.sh + ''; + checkPhase = '' + cd c + cmake \ + -DFETCHCONTENT_SOURCE_DIR_GOOGLETEST=${googletest} \ + -DFETCHCONTENT_SOURCE_DIR_JSON=${json} \ + -G "Ninja Multi-Config" -B build + cmake --build build --config Release + ''; + installPhase = "cp -r . $out"; + CHARON_HOME = inputs.charon.packages.${system}.default; + EURYDICE_HOME = pkgs.runCommand "eurydice-home" { } '' + mkdir -p $out + cp -r ${inputs.eurydice.packages.${system}.default}/bin/eurydice $out + cp -r ${inputs.eurydice}/include $out + ''; + FSTAR_HOME = inputs.fstar.packages.${system}.default; + KRML_HOME = inputs.karamel.packages.${system}.default.home; + }; + in + { + packages = { + inherit ml-kem; + }; + } + ); +} From 831056086156f5545fd1ee75b24cbc6513ce2caa Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 5 Jun 2024 16:36:12 +0200 Subject: [PATCH 09/74] update' --- libcrux-ml-kem/c.yaml | 40 +- libcrux-ml-kem/c/CMakeLists.txt | 19 +- libcrux-ml-kem/c/internal/libcrux_core.h | 94 +- .../c/internal/libcrux_mlkem768_portable.h | 143 - .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_polynomial.h | 24 +- libcrux-ml-kem/c/libcrux_core.c | 178 +- libcrux-ml-kem/c/libcrux_core.h | 58 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 1555 +--------- libcrux-ml-kem/c/libcrux_mlkem512.h | 39 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 1532 ++++++++- libcrux-ml-kem/c/libcrux_mlkem768.h | 39 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 38 - libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 18 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2197 +------------ libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 21 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2744 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 1 - libcrux-ml-kem/c/libcrux_polynomial.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 1 - .../c/libcrux_sha3_libcrux_ml_kem.h | 219 -- libcrux-ml-kem/src/ind_cca/multiplexing.rs | 40 +- libcrux-ml-kem/src/mlkem1024.rs | 103 + libcrux-ml-kem/src/mlkem512.rs | 103 + 25 files changed, 3461 insertions(+), 5845 deletions(-) delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 4348c51aa..513ca98e4 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -1,17 +1,17 @@ files: # INTRINSICS - # - name: libcrux_intrinsics_neon - # library: true - # inline_static: true - # api: - # - [libcrux_intrinsics, arm64] + - name: libcrux_intrinsics_neon + library: true + inline_static: true + api: + - [libcrux_intrinsics, arm64] - # - name: libcrux_intrinsics_avx2 - # library: true - # inline_static: true - # api: - # - [libcrux_intrinsics, avx2] + - name: libcrux_intrinsics_avx2 + library: true + inline_static: true + api: + - [libcrux_intrinsics, avx2] - name: libcrux_platform api: @@ -178,6 +178,16 @@ files: api: - [libcrux_ml_kem, hash_functions, avx2, "*"] + - name: libcrux_mlkem512_avx2 + api: + - [libcrux_ml_kem, mlkem512, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + + - name: libcrux_mlkem512_portable + api: + - [libcrux_ml_kem, mlkem512, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + - name: libcrux_mlkem512 api: - [libcrux_ml_kem, mlkem512] @@ -196,6 +206,16 @@ files: api: - [libcrux_ml_kem, mlkem768] + - name: libcrux_mlkem1024_avx2 + api: + - [libcrux_ml_kem, mlkem1024, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + + - name: libcrux_mlkem1024_portable + api: + - [libcrux_ml_kem, mlkem1024, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + - name: libcrux_mlkem1024 api: - [libcrux_ml_kem, mlkem1024] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 1db8cb438..d50b9be3d 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -11,6 +11,7 @@ project(libcrux-ml-kem ) set(CMAKE_C_STANDARD 11) +#FIXME: Windows? add_compile_options( -Wall # -Wextra @@ -21,7 +22,6 @@ add_compile_options( $<$:-Og> $<$:-g> $<$:-O3> - -fno-omit-frame-pointer -flto ) add_link_options(-flto) @@ -34,21 +34,24 @@ include_directories( file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_core.c ${PROJECT_SOURCE_DIR}/libcrux_platform.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c - ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_portable.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_portable.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_portable.c ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c ) # file(GLOB VEC128_SOURCES -# libcrux_sha3_neon.c +# ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_neon.c +# ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_neon.c +# ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_neon.c +# ${PROJECT_SOURCE_DIR}/libcrux_sha3_neon.c # ) file(GLOB SOURCES_vec256 - ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_avx2.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_avx2.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_sha3_avx2.c ) -# set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE) - if(${CMAKE_SYSTEM_NAME} MATCHES Linux) add_compile_options( -fPIC diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 36a6ebec0..000eda9e3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -44,49 +44,6 @@ void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) -libcrux_ml_kem_types_MlKemPublicKey____800size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk); - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U]); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { - uint8_t fst[768U]; - uint8_t snd[800U]; -} K___uint8_t_768size_t__uint8_t_800size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U]); - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, Eurydice_slice rhs); - -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); - -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]); - libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uint8_t value[1568U]); @@ -154,12 +111,55 @@ uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( Eurydice_slice lhs, Eurydice_slice rhs); +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); + +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); + +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk); + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U]); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { + uint8_t fst[768U]; + uint8_t snd[800U]; +} K___uint8_t_768size_t__uint8_t_800size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U]); + +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, Eurydice_slice rhs); + typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { Eurydice_slice fst; Eurydice_slice snd; } K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; +typedef struct + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); @@ -179,11 +179,11 @@ typedef struct } K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]); void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h deleted file mode 100644 index f5fcb4e07..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem768_portable.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_mlkem768_portable_H -#define __internal_libcrux_mlkem768_portable_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem768_portable.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized); - -void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer, size_t _initial_coefficient_bound); - -void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound); - -void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound); - -void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound); - -void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized); - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer); - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer); - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer); - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer); - -void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - uint8_t ret[32U]); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness); - -void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U]); - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]); - -void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice serialized); - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice out); - -void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[384U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem768_portable_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4c7241790..d0aac553a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -18,23 +18,6 @@ extern "C" { #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_avx2.h" -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); @@ -69,6 +52,23 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]); +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h index 2c122c65d..ba1228d32 100644 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ b/libcrux-ml-kem/c/internal/libcrux_polynomial.h @@ -135,26 +135,26 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m Eurydice_slice a, Eurydice_slice out); typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s { + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[2U]; + fst[4U]; uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *rhs); typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s { + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[4U]; + fst[3U]; uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -202,11 +202,11 @@ void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElemen *error); typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s { + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[3U]; + fst[2U]; uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; +} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( @@ -227,7 +227,7 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector b); -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8b69e17c9..7fc937466 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -50,87 +50,6 @@ void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemPublicKey____800size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ - .sk = sk, .pk = pk}); -} - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); - return lit; -} - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self) { - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, Eurydice_slice rhs) { - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) { - size_t i0 = i; - uint8_t uu____0 = - Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = (uint32_t)r | - ((uint32_t)uu____0 ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)800U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); -} - libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uint8_t value[1568U]) { @@ -271,6 +190,87 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size return is_non_zero(r); } +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); +} + +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1120U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ + .sk = sk, .pk = pk}); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + return lit; +} + +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self) { + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, Eurydice_slice rhs) { + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) { + size_t i0 = i; + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; @@ -302,25 +302,25 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, } Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)1120U, uu____0, + (size_t)800U, uu____0, ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 45892cc6d..049652436 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -37,35 +37,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey____800size_t; - -typedef struct - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s { - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s { - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext____768size_t; - -typedef struct - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; - uint8_t snd[32U]; -} K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } libcrux_ml_kem_types_MlKemPublicKey____1568size_t; @@ -124,6 +95,35 @@ typedef struct uint8_t snd[32U]; } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s { + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s { + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s { + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index ed08e6f30..2a747078e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -8,7 +8,7 @@ #include "libcrux_mlkem1024.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem768_portable.h" +#include "internal/libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_avx2.h" #include "internal/libcrux_polynomial.h" #include "internal/libcrux_sha3_internal.h" @@ -1102,11 +1102,15 @@ decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_140 if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } @@ -1225,14 +1229,22 @@ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11si uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); return uu____0; } - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); return uu____0; } @@ -1597,13 +1609,19 @@ generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_1 uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uu____1); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____2); + } else { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____3); } - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____2); return uu____0; } @@ -1701,11 +1719,15 @@ static bool validate_public_key___4size_t_1536size_t_1568size_t( uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( public_key); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); + } else { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); } - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); return uu____0; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index ec48227d1..00bc23653 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -8,992 +8,6 @@ #include "libcrux_mlkem512.h" #include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem768_portable.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = compute_message__libcrux_ml_kem_vector_PortableVector_2size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____2size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; -} PortableHash____2size_t; - -static inline PortableHash____2size_t shake128_init_absorb___2size_t( - uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; - memcpy( - uu____1, state, - (size_t)2U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - PortableHash____2size_t lit; - memcpy( - lit.shake128_state, uu____1, - (size_t)2U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___2size_t( - PortableHash____2size_t *self, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___2size_t( - PortableHash____2size_t *self, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( - int16_t s[272U]) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash____2size_t xof_state = shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_2size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [2U])); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - randomness); - return uu____0; -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___2size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t0(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t( - &result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_2size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - error_2, message, result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - input[2U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___2size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_2size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_2size_t_640size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -static void -decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} static void decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( @@ -1004,11 +18,15 @@ decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } @@ -1022,98 +40,6 @@ void libcrux_ml_kem_mlkem512_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___2size_t( - Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, @@ -1127,14 +53,22 @@ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4); + } else { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6); return uu____0; } - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____3, uu____4); return uu____0; } @@ -1149,346 +83,6 @@ libcrux_ml_kem_mlkem512_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_2size_t1(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - &result[i1], &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - key[2U], - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)768U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uu____3, domain_separator) - .fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_2size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[2U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)1632U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { @@ -1499,13 +93,19 @@ generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192s uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uu____1); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____2); + } else { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____3); } - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____2); return uu____0; } @@ -1517,85 +117,6 @@ libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { uu____0); } -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - public_key); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline bool -validate_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_800size_t_2size_t( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - return validate_public_key__libcrux_ml_kem_vector_PortableVector_2size_t_768size_t_800size_t( - public_key); -} - static bool validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { bool uu____0; @@ -1603,11 +124,15 @@ static bool validate_public_key___2size_t_768size_t_800size_t( uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( public_key); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key); + } else { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key); } - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - public_key); return uu____0; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 3dfe05c0c..4cf838da4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -14,10 +14,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem512_portable.h" #include "libcrux_platform.h" -#include "libcrux_polynomial.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) @@ -76,53 +75,19 @@ extern "C" { LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - void libcrux_ml_kem_mlkem512_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key); - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key); - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 01b9e83cb..a1e71ded9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -8,6 +8,969 @@ #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem512_portable.h" +#include "internal/libcrux_mlkem_avx2.h" +#include "internal/libcrux_polynomial.h" +#include "internal/libcrux_sha3_internal.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( + &zeta_i, re, (size_t)7U); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( + re); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +typedef struct PortableHash____3size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; +} PortableHash____3size_t; + +static inline PortableHash____3size_t shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + memcpy( + uu____1, state, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + PortableHash____3size_t lit; + memcpy( + lit.shake128_state, uu____1, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + int16_t s[272U]) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U])); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); + result = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +static void +decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} static void decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( @@ -18,11 +981,15 @@ decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960 if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } @@ -36,6 +1003,98 @@ void libcrux_ml_kem_mlkem768_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, @@ -49,14 +1108,22 @@ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10siz uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); return uu____0; } - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); return uu____0; } @@ -71,6 +1138,346 @@ libcrux_ml_kem_mlkem768_encapsulate( uu____0, uu____1); } +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + product = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( + matrix_element, &s_as_ntt[j]); + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( + &result[i1], &product); + } + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { @@ -81,13 +1488,19 @@ generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_1 uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____1); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____2); + } else { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____3); } - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____2); return uu____0; } @@ -99,6 +1512,85 @@ libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector +closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { + return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); +} + +static inline bool +validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( + public_key); +} + static bool validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { bool uu____0; @@ -106,11 +1598,15 @@ static bool validate_public_key___3size_t_1152size_t_1184size_t( uu____0 = libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( public_key); - return uu____0; + } else if (libcrux_platform_platform_simd128_support()) { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); + } else { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); } - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); return uu____0; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9674c7990..5fb3491b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -14,9 +14,10 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem768_avx2.h" -#include "libcrux_mlkem768_portable.h" #include "libcrux_platform.h" +#include "libcrux_polynomial.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) @@ -75,19 +76,53 @@ extern "C" { LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_mlkem768_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index dc8fa29e8..19f0762b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,18 +7,6 @@ #include "libcrux_mlkem768_avx2.h" -#include "internal/libcrux_mlkem_avx2.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, @@ -29,17 +17,6 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, @@ -51,15 +28,6 @@ libcrux_ml_kem_mlkem768_avx2_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -68,12 +36,6 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - public_key); -} - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index a2c748d16..5b71584d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -14,37 +14,21 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); +#include "libcrux_mlkem768.h" void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]); -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index cd051f9ba..22c124e6e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,1690 +5,7 @@ KaRaMeL version: 40e3a603 */ -#include "internal/libcrux_mlkem768_portable.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -typedef struct - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector_s { - libcrux_ml_kem_vector_PortableVector fst; - libcrux_ml_kem_vector_PortableVector snd; -} __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector; - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - b, zeta_r); - b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - a, &t); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - a, &t); - return (( - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, .snd = b}); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_PortableVector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -void libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -void libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer, size_t _initial_coefficient_bound) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -void libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = deserialize_then_decompress_4__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t _layer) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a, - libcrux_ml_kem_vector_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_PortableVector a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - b, &a); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - a_minus_b, zeta_r); - return (( - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector){ - .fst = a, .snd = b}); -} - -void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_vector_PortableVector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_PortableVector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_PortableVector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - v, result); - return result; -} - -void libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0]); - libcrux_ml_kem_vector_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - bytes); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____3size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; -} PortableHash____3size_t; - -static inline PortableHash____3size_t shake128_init_absorb___3size_t( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy( - uu____1, state, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - PortableHash____3size_t lit; - memcpy( - lit.shake128_state, uu____1, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U]) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U])); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t uu____2 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t random_bits_as_u32 = - uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t random_bits_as_u24 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_PortableVector( - randomness); - return uu____0; -} - -static inline void ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_PortableVector t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_PortableVector(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_320size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -void libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficients = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - coefficients, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_PortableVector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -static void -decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} +#include "libcrux_mlkem768_portable.h" void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, @@ -1700,87 +17,6 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, @@ -1792,364 +28,6 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( uu____0, uu____1); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -2158,79 +36,6 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline bool -validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - public_key); -} - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 5536e97a2..9f6577139 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -14,40 +14,21 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_polynomial.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_internal.h" - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); +#include "libcrux_mlkem768.h" void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]); -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 79f472cbb..21fc1c974 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1561,7 +1561,7 @@ ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -1592,14 +1592,14 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -1621,7 +1621,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s } memcpy( ret, deserialized_pk, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -1677,17 +1677,17 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, key, + (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -1697,7 +1697,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)768U, out, + (size_t)1536U, out, ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * @@ -1711,68 +1711,68 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)800U, public_key_serialized, + (size_t)1568U, public_key_serialized, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), + .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; + uu____1[4U]; memcpy( uu____1, t_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, Eurydice_slice), seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; + uu____0[4U]; memcpy( uu____0, deserialized_pk, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), @@ -1781,22 +1781,22 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy( ret, ret0, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -1804,7 +1804,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t @@ -1814,54 +1814,70 @@ shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } -static inline void shake128_squeeze_three_blocks___2size_t( +static inline void shake128_squeeze_three_blocks___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - uint8_t dummy_out1[504U] = {0U}; + uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], Eurydice_slice), (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -1887,8 +1903,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -1897,47 +1913,63 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -static inline void shake128_squeeze_block___2size_t( +static inline void shake128_squeeze_block___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - uint8_t dummy_out1[168U] = {0U}; + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], Eurydice_slice), (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], + uint8_t(*)[168U], uint8_t[168U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -1963,8 +1995,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -1994,7 +2026,7 @@ from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -2005,84 +2037,84 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( uu____2, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( uu____3[i]);); memcpy( ret, ret0, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U]) { + ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( uu____1, sampled); for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, sampled, + (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2099,63 +2131,79 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu }); memcpy( ret, A_transpose, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U])); + [4U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; + fst[4U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t dummy_out0[192U] = {0U}; - uint8_t dummy_out1[192U] = {0U}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____9 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, - uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); + uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2253,12 +2301,12 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( Eurydice_slice randomness) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( randomness); return uu____0; } @@ -2423,47 +2471,47 @@ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; + uu____2[4U]; memcpy( uu____2, re_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; @@ -2471,7 +2519,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -2506,7 +2554,7 @@ ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2554,31 +2602,31 @@ add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[2U], + *matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, matrix_A, + (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], + [4U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], + [4U], size_t); i0++) { size_t i1 = i0; @@ -2589,7 +2637,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, row, + (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2601,7 +2649,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1], &product); } add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -2609,16 +2657,16 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( } memcpy( ret, result, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); + G___4size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), @@ -2627,76 +2675,76 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; + A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; + secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; + error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____3, domain_separator) .fst, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; + uu____4[4U]; memcpy( uu____4, t_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; + uu____5[4U]; memcpy( uu____5, secret_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), input); @@ -2704,17 +2752,17 @@ static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { } static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)1632U, uu____0, + (size_t)3168U, uu____0, ((core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + @@ -2727,7 +2775,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t size_t uu____5 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)1632U, uu____3, + (size_t)3168U, uu____3, ((core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + @@ -2736,13 +2784,13 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)1632U, out, + (size_t)3168U, out, ((core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - H___2size_t(public_key, ret0); + H___4size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -2753,18 +2801,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t size_t uu____9 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)1632U, uu____7, + (size_t)3168U, uu____7, ((core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -2776,49 +2824,49 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -2840,89 +2888,38 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768s } memcpy( ret, deserialized_pk, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - uint8_t dummy_out1[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -2930,24 +2927,24 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; + uu____2[4U]; memcpy( uu____2, error_1, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___2size_t_128size_t(Eurydice_slice input, +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -2957,7 +2954,7 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -3063,7 +3060,7 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = @@ -3102,31 +3099,31 @@ static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[2U], + *a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, + (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], + [4U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], + [4U], size_t); i0++) { size_t i1 = i0; @@ -3137,7 +3134,7 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, row, + (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3149,17 +3146,17 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1]); add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -3225,7 +3222,7 @@ add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3236,14 +3233,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( *message) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( error_2, message, result); @@ -3313,11 +3310,11 @@ static core_core_arch_x86___m256i compress___10int32_t( } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3328,7 +3325,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, + (size_t)352U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3337,7 +3334,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline core_core_arch_x86___m256i @@ -3403,11 +3400,11 @@ static core_core_arch_x86___m256i compress___11int32_t( } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3418,7 +3415,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, + (size_t)352U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3427,31 +3424,31 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], + input[4U], Eurydice_slice out) { for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)2U, input, + (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3463,15 +3460,15 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s Eurydice_slice uu____0 = Eurydice_slice_subslice( out, ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } @@ -3653,64 +3650,64 @@ compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { + uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; + A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; + r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; + error_1[4U]; memcpy( error_1, uu____3.fst, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___2size_t_128size_t( + PRF___4size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3719,8 +3716,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); @@ -3729,34 +3726,34 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; + uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; + uu____5[4U]; memcpy( uu____5, u, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( - (size_t)768U, ciphertext, + (size_t)1568U, ciphertext, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), + .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -3766,10 +3763,10 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H___2size_t( + H___4size_t( Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( public_key), uint8_t, Eurydice_slice), ret); @@ -3778,7 +3775,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G___2size_t( + G___4size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = @@ -3789,35 +3786,35 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -3995,18 +3992,18 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = (size_t)0U; @@ -4025,46 +4022,46 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, Eurydice_slice), uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); + (size_t)11U / (size_t)8U); i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)768U, ciphertext, + (size_t)1568U, ciphertext, ((core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), + (size_t)11U / (size_t)8U), .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + + (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), + (size_t)11U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -4240,18 +4237,18 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -4279,14 +4276,14 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vect } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -4308,7 +4305,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( } memcpy( ret, secret_as_ntt, - (size_t)2U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -4335,7 +4332,7 @@ subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4344,14 +4341,14 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; @@ -4387,24 +4384,24 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -4412,7 +4409,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___2size_t_32size_t(Eurydice_slice input, +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -4421,21 +4418,21 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), - (size_t)768U, uint8_t, + (size_t)1536U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, + secret_key0, (size_t)1568U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; @@ -4446,7 +4443,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -4458,7 +4455,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___2size_t( + G___4size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = @@ -4468,33 +4465,33 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext); uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; @@ -4507,19 +4504,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -4541,23 +4538,23 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 } memcpy( ret, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, key, + (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4567,7 +4564,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, + (size_t)1152U, out, ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * @@ -4581,68 +4578,68 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, + (size_t)1184U, public_key_serialized, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), + .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; + uu____1[3U]; memcpy( uu____1, t_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, Eurydice_slice), seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; + uu____0[3U]; memcpy( uu____0, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), @@ -4651,28 +4648,28 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy( ret, ret0, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t @@ -4685,67 +4682,59 @@ shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } -static inline void shake128_squeeze_three_blocks___4size_t( +static inline void shake128_squeeze_three_blocks___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; + uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], Eurydice_slice), (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], + out12, (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -4771,8 +4760,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -4781,63 +4770,55 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -static inline void shake128_squeeze_block___4size_t( +static inline void shake128_squeeze_block___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], Eurydice_slice), (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], + out12, (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -4863,8 +4844,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -4874,7 +4855,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -4885,84 +4866,84 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( uu____2, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( uu____3[i]);); memcpy( ret, ret0, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U]) { + ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( uu____1, sampled); for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, sampled, + (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4979,102 +4960,94 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu }); memcpy( ret, A_transpose, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U])); + [3U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; + fst[3U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], Eurydice_slice), (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], + out12, (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( + Eurydice_slice uu____7 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( + Eurydice_slice uu____8 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); + uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -5084,17 +5057,17 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; + uu____2[3U]; memcpy( uu____2, re_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; @@ -5102,12 +5075,12 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5128,31 +5101,31 @@ add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[4U], + *matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, matrix_A, + (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], size_t); i0++) { size_t i1 = i0; @@ -5163,7 +5136,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, row, + (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5175,7 +5148,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1], &product); } add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -5183,16 +5156,16 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } memcpy( ret, result, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); + G___3size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), @@ -5201,75 +5174,75 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; + secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; + error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____3, domain_separator) .fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; + uu____4[3U]; memcpy( uu____4, t_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[3U]; memcpy( uu____5, secret_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5278,17 +5251,17 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { } static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____0, + (size_t)2400U, uu____0, ((core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + @@ -5301,7 +5274,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t size_t uu____5 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____3, + (size_t)2400U, uu____3, ((core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + @@ -5310,13 +5283,13 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, + (size_t)2400U, out, ((core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - H___4size_t(public_key, ret0); + H___3size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5327,18 +5300,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t size_t uu____9 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____7, + (size_t)2400U, uu____7, ((core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -5350,49 +5323,49 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -5414,38 +5387,38 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536 } memcpy( ret, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -5453,24 +5426,24 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; + uu____2[3U]; memcpy( uu____2, error_1, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___4size_t_128size_t(Eurydice_slice input, +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -5480,12 +5453,12 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = @@ -5505,31 +5478,31 @@ invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[4U], + *a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, + (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], size_t); i0++) { size_t i1 = i0; @@ -5540,7 +5513,7 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, row, + (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5552,23 +5525,23 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1]); add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5579,14 +5552,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( *message) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( error_2, message, result); @@ -5594,11 +5567,11 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -5609,7 +5582,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, + (size_t)320U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5618,15 +5591,15 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -5637,7 +5610,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, + (size_t)320U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5646,31 +5619,31 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], + input[3U], Eurydice_slice out) { for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, input, + (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5682,78 +5655,78 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408 Eurydice_slice uu____0 = Eurydice_slice_subslice( out, ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { + uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; + r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; + error_1[3U]; memcpy( error_1, uu____3.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___4size_t_128size_t( + PRF___3size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5762,8 +5735,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); @@ -5772,34 +5745,34 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; + uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[3U]; memcpy( uu____5, u, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, + (size_t)1088U, ciphertext, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), + .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -5809,10 +5782,10 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H___4size_t( + H___3size_t( Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( public_key), uint8_t, Eurydice_slice), ret); @@ -5821,7 +5794,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G___4size_t( + G___3size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = @@ -5832,52 +5805,52 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = (size_t)0U; @@ -5896,75 +5869,75 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, Eurydice_slice), uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); + (size_t)10U / (size_t)8U); i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, + (size_t)1088U, ciphertext, ((core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), + (size_t)10U / (size_t)8U), .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + + (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), + (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -5986,13 +5959,13 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } memcpy( ret, secret_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6001,38 +5974,38 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -6040,7 +6013,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___4size_t_32size_t(Eurydice_slice input, +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -6049,21 +6022,21 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), - (size_t)1536U, uint8_t, + (size_t)1152U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, + secret_key0, (size_t)1184U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; @@ -6074,7 +6047,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -6086,7 +6059,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___4size_t( + G___3size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = @@ -6096,33 +6069,33 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext); uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; @@ -6135,19 +6108,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -6169,23 +6142,23 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184 } memcpy( ret, deserialized_pk, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, key, + (size_t)2U, key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6195,7 +6168,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, + (size_t)768U, out, ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * @@ -6209,68 +6182,68 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, + (size_t)800U, public_key_serialized, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), + .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; + uu____1[2U]; memcpy( uu____1, t_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, Eurydice_slice), seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; + uu____0[2U]; memcpy( uu____0, deserialized_pk, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), @@ -6279,28 +6252,28 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy( ret, ret0, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { +shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t @@ -6310,62 +6283,54 @@ shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( uu____0, uu____1, uu____2, uu____3, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } -static inline void shake128_squeeze_three_blocks___3size_t( +static inline void shake128_squeeze_three_blocks___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; + uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; uint8_t dummy_out0[504U] = {0U}; + uint8_t dummy_out1[504U] = {0U}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], Eurydice_slice), (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + Eurydice_slice out1 = uu____0.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, + uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -6391,8 +6356,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -6401,55 +6366,47 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -static inline void shake128_squeeze_block___3size_t( +static inline void shake128_squeeze_block___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; uint8_t dummy_out0[168U] = {0U}; + uint8_t dummy_out1[168U] = {0U}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], + Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], Eurydice_slice), (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + Eurydice_slice out1 = uu____0.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, + uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -6475,8 +6432,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -6486,7 +6443,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -6497,84 +6454,84 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( uu____2, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( uu____3[i]);); memcpy( ret, ret0, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U]) { + ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( uu____1, sampled); for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, sampled, + (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6591,114 +6548,117 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu }); memcpy( ret, A_transpose, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U])); + [2U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; + fst[2U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t dummy_out0[192U] = {0U}; + uint8_t dummy_out1[192U] = {0U}; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + (size_t)1U, uint8_t[192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, + uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; + uu____2[2U]; memcpy( uu____2, re_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; @@ -6706,12 +6666,12 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6732,31 +6692,31 @@ add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[3U], + *matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, matrix_A, + (size_t)2U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [2U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [2U], size_t); i0++) { size_t i1 = i0; @@ -6767,7 +6727,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, row, + (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6779,7 +6739,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result[i1], &product); } add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -6787,16 +6747,16 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } memcpy( ret, result, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); + G___2size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), @@ -6805,75 +6765,75 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; + secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; + error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( uu____3, domain_separator) .fst, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; + uu____4[2U]; memcpy( uu____4, t_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[2U]; memcpy( uu____5, secret_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -6882,17 +6842,17 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { } static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____0, + (size_t)1632U, uu____0, ((core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + @@ -6905,7 +6865,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t size_t uu____5 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____3, + (size_t)1632U, uu____3, ((core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + @@ -6914,13 +6874,13 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, + (size_t)1632U, out, ((core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - H___3size_t(public_key, ret0); + H___2size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6931,18 +6891,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t size_t uu____9 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____7, + (size_t)1632U, uu____7, ((core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -6954,49 +6914,49 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -7018,38 +6978,78 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152 } memcpy( ret, deserialized_pk, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + uint8_t dummy_out1[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -7057,24 +7057,24 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; + uu____2[2U]; memcpy( uu____2, error_1, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___3size_t_128size_t(Eurydice_slice input, +static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -7084,12 +7084,12 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = @@ -7109,31 +7109,31 @@ invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[3U], + *a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, + (size_t)2U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [2U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [2U], size_t); i0++) { size_t i1 = i0; @@ -7144,7 +7144,7 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, row, + (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7156,23 +7156,23 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result[i1]); add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7183,14 +7183,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( *message) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( error_2, message, result); @@ -7198,16 +7198,16 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], + input[2U], Eurydice_slice out) { for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, input, + (size_t)2U, input, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7219,8 +7219,8 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960s Eurydice_slice uu____0 = Eurydice_slice_subslice( out, ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( @@ -7233,56 +7233,56 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960s } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { + uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; + r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; + error_1[2U]; memcpy( error_1, uu____3.fst, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___3size_t_128size_t( + PRF___2size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7291,8 +7291,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); @@ -7301,34 +7301,34 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; + uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[2U]; memcpy( uu____5, u, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, + (size_t)768U, ciphertext, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), + .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -7338,10 +7338,10 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H___3size_t( + H___2size_t( Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( public_key), uint8_t, Eurydice_slice), ret); @@ -7350,7 +7350,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G___3size_t( + G___2size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = @@ -7361,52 +7361,52 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, Eurydice_slice), uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * @@ -7414,7 +7414,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_ i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, + (size_t)768U, ciphertext, ((core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * @@ -7434,25 +7434,25 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_ } memcpy( ret, u_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -7474,13 +7474,13 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } memcpy( ret, secret_as_ntt, - (size_t)3U * + (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7489,38 +7489,38 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -7528,7 +7528,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___3size_t_32size_t(Eurydice_slice input, +static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -7537,21 +7537,21 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, Eurydice_slice), - (size_t)1152U, uint8_t, + (size_t)768U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, + secret_key0, (size_t)800U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; @@ -7562,7 +7562,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -7574,7 +7574,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___3size_t( + G___2size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = @@ -7584,33 +7584,33 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( ciphertext); uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 08c2017a6..026947fe9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -16,7 +16,6 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3.h" #include "libcrux_sha3_avx2.h" -#include "libcrux_sha3_libcrux_ml_kem.h" core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c index 23913a64a..61c774813 100644 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ b/libcrux-ml-kem/c/libcrux_polynomial.c @@ -2094,7 +2094,7 @@ libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_m return rej_sample(a, out); } -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -2114,7 +2114,7 @@ void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElemen } } -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector @@ -2377,7 +2377,7 @@ libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vec return b; } -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( +void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1401fee38..2f9e86a7b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -16,7 +16,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -#include "libcrux_sha3_libcrux_ml_kem.h" typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h deleted file mode 100644 index 4f8d3f20c..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h +++ /dev/null @@ -1,219 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_sha3_libcrux_ml_kem_H -#define __libcrux_sha3_libcrux_ml_kem_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_add_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_add_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_and_si256( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_andnot_si256( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_blend_epi16( - int32_t x0, core_core_arch_x86___m256i x1, core_core_arch_x86___m256i x2); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_castsi128_si256( - core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm256_castsi256_si128( - core_core_arch_x86___m256i x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_cmpgt_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_cvtepi16_epi32( - core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_extracti128_si256(int32_t x0, - core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_inserti128_si256(int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m128i x2); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_slice x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_madd_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mul_epu32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mulhi_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mullo_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_mullo_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_packs_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute2x128_si256(int32_t x0, - core_core_arch_x86___m256i x1, - core_core_arch_x86___m256i x2); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permute4x64_epi64(int32_t x0, - core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi16( - int16_t x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi32( - int32_t x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set1_epi64x( - int64_t x0); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi16( - int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, int16_t x15); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi32( - int32_t x0, int32_t x1, int32_t x2, int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( - int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, - int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, - int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, - int8_t x19, int8_t x20, int8_t x21, int8_t x22, int8_t x23, int8_t x24, - int8_t x25, int8_t x26, int8_t x27, int8_t x28, int8_t x29, int8_t x30, - int8_t x31); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_setzero_si256( - void); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_shuffle_epi32( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_shuffle_epi8( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi16( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi32( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_slli_epi64( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_sllv_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srai_epi16( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srai_epi32( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi16( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi32( - int32_t x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_srli_epi64( - int32_t x0, core_core_arch_x86___m256i x1); - -extern void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice x0, core_core_arch_x86___m256i x1); - -extern void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_sub_epi16( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpackhi_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpacklo_epi32( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_unpacklo_epi64( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_xor_si256( - core_core_arch_x86___m256i x0, core_core_arch_x86___m256i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice x0); - -extern int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i x0); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t x0); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( - uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, - uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, - uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_shuffle_epi8( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -extern void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice x0, core_core_arch_x86___m128i x1); - -extern void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice x0, core_core_arch_x86___m128i x1); - -extern core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( - core_core_arch_x86___m128i x0, core_core_arch_x86___m128i x1); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_libcrux_ml_kem_H_DEFINED -#endif diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 513ebca3f..bb3ce292b 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -7,10 +7,7 @@ pub(crate) fn validate_public_key< >( public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { + if libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] return instantiations::avx2::validate_public_key::< K, @@ -23,10 +20,7 @@ pub(crate) fn validate_public_key< RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, >(public_key) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { + } else if libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] return instantiations::neon::validate_public_key::< K, @@ -60,10 +54,7 @@ pub(crate) fn generate_keypair< randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPair { // Runtime feature detection. - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { + if libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] return instantiations::avx2::generate_keypair::< K, @@ -84,10 +75,7 @@ pub(crate) fn generate_keypair< ETA1, ETA1_RANDOMNESS_SIZE, >(randomness) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { + } else if libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] return instantiations::neon::generate_keypair::< K, @@ -139,10 +127,7 @@ pub(crate) fn encapsulate< public_key: &MlKemPublicKey, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { + if libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] return instantiations::avx2::encapsulate::< K, @@ -175,10 +160,7 @@ pub(crate) fn encapsulate< ETA2, ETA2_RANDOMNESS_SIZE, >(public_key, randomness) - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { + } else if libcrux_platform::simd128_support() { #[cfg(not(feature = "simd128"))] return instantiations::portable::encapsulate::< K, @@ -251,10 +233,7 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - if cfg!(feature = "simd256") - && cfg!(target_arch = "x86_64") - && libcrux_platform::simd256_support() - { + if libcrux_platform::simd256_support() { #[cfg(all(feature = "simd256", target_arch = "x86_64"))] return instantiations::avx2::decapsulate::< K, @@ -293,10 +272,7 @@ pub(crate) fn decapsulate< ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext); - } else if cfg!(feature = "simd128") - && cfg!(target_arch = "aarch64") - && libcrux_platform::simd128_support() - { + } else if libcrux_platform::simd128_support() { #[cfg(all(feature = "simd128", target_arch = "aarch64"))] return instantiations::neon::decapsulate::< K, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 8ca4e0cec..5a3a8b520 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -45,6 +45,109 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// Am ML-KEM 1024 Key pair pub type MlKem1024KeyPair = MlKemKeyPair; +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path) => { + pub mod $modp { + use super::*; + use $p as p; + + /// Validate a public key. + /// + /// Returns `Some(public_key)` if valid, and `None` otherwise. + pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option { + if p::validate_public_key::< + RANK_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + >(&public_key.value) + { + Some(public_key) + } else { + None + } + } + + /// Generate ML-KEM 1024 Key Pair + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem1024KeyPair { + p::generate_keypair::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + /// Encapsulate ML-KEM 1024 + /// + /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] + /// bytes of `randomness`. + pub fn encapsulate( + public_key: &MlKem1024PublicKey, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { + p::encapsulate::< + RANK_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 1024 + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem1024PrivateKey, + ciphertext: &MlKem1024Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } + }; +} + +// Instantiations + +instantiate! {portable, ind_cca::instantiations::portable} +#[cfg(feature = "simd256")] +instantiate! {avx2, ind_cca::instantiations::avx2} +#[cfg(feature = "simd128")] +instantiate! {neon, ind_cca::instantiations::neon} + /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 32c8a6118..3ec606dd7 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -43,6 +43,109 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// Am ML-KEM 512 Key pair pub type MlKem512KeyPair = MlKemKeyPair; +// Instantiate the different functions. +macro_rules! instantiate { + ($modp:ident, $p:path) => { + pub mod $modp { + use super::*; + use $p as p; + + /// Validate a public key. + /// + /// Returns `Some(public_key)` if valid, and `None` otherwise. + pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option { + if p::validate_public_key::< + RANK_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + >(&public_key.value) + { + Some(public_key) + } else { + None + } + } + + /// Generate ML-KEM 512 Key Pair + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem512KeyPair { + p::generate_keypair::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + /// Encapsulate ML-KEM 512 + /// + /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + /// bytes of `randomness`. + pub fn encapsulate( + public_key: &MlKem512PublicKey, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem512Ciphertext, MlKemSharedSecret) { + p::encapsulate::< + RANK_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 512 + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem512PrivateKey, + ciphertext: &MlKem512Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate::< + RANK_512, + SECRET_KEY_SIZE_512, + CPA_PKE_SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } + }; +} + +// Instantiations + +instantiate! {portable, ind_cca::instantiations::portable} +#[cfg(feature = "simd256")] +instantiate! {avx2, ind_cca::instantiations::avx2} +#[cfg(feature = "simd128")] +instantiate! {neon, ind_cca::instantiations::neon} + /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. From c5d4cf0bbaec2d7ad314f17cb637b098ac9b3372 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 5 Jun 2024 17:14:03 +0200 Subject: [PATCH 10/74] build updates --- libcrux-ml-kem/c.sh | 1 + libcrux-ml-kem/c.yaml | 32 +- libcrux-ml-kem/c/CMakeLists.txt | 3 + libcrux-ml-kem/c/eurydice_glue.h | 300 - libcrux-ml-kem/c/internal/libcrux_core.h | 259 - .../c/internal/libcrux_mlkem_avx2.h | 77 - .../c/internal/libcrux_polynomial.h | 272 - libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 38 - .../c/internal/libcrux_sha3_internal.h | 251 - libcrux-ml-kem/c/libcrux_core.c | 409 - libcrux-ml-kem/c/libcrux_core.h | 162 - libcrux-ml-kem/c/libcrux_mlkem1024.c | 1749 ---- libcrux-ml-kem/c/libcrux_mlkem1024.h | 137 - libcrux-ml-kem/c/libcrux_mlkem512.c | 153 - libcrux-ml-kem/c/libcrux_mlkem512.h | 100 - libcrux-ml-kem/c/libcrux_mlkem768.c | 1628 ---- libcrux-ml-kem/c/libcrux_mlkem768.h | 135 - libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 55 - libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 41 - libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 55 - libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 41 - libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 7623 ----------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 293 - libcrux-ml-kem/c/libcrux_platform.h | 26 - libcrux-ml-kem/c/libcrux_polynomial.c | 2531 ------ libcrux-ml-kem/c/libcrux_polynomial.h | 32 - libcrux-ml-kem/c/libcrux_sha3.h | 114 - libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2028 ----- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 56 - libcrux-ml-kem/c/libcrux_sha3_internal.h | 2346 ----- libcrux-ml-kem/c/libcrux_sha3_neon.c | 187 - libcrux-ml-kem/c/libcrux_sha3_neon.h | 55 - libcrux-ml-kem/src/ind_cca/multiplexing.rs | 22 +- libcrux-sha3/build.rs | 26 +- libcrux-sha3/src/lib.rs | 109 +- 35 files changed, 108 insertions(+), 21238 deletions(-) delete mode 100644 libcrux-ml-kem/c/eurydice_glue.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_core.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_polynomial.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_internal.h delete mode 100644 libcrux-ml-kem/c/libcrux_core.c delete mode 100644 libcrux-ml-kem/c/libcrux_core.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_platform.h delete mode 100644 libcrux-ml-kem/c/libcrux_polynomial.c delete mode 100644 libcrux-ml-kem/c/libcrux_polynomial.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_internal.h delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.h diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 17af9d262..fdd1dba86 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -32,6 +32,7 @@ if [[ "$portable_only" = 1 ]]; then export LIBCRUX_DISABLE_SIMD128=1 fi +# TODO: add LIBCRUX_ENABLE_SIMD128=1 LIBCRUX_ENABLE_SIMD256=1 charon invocations if [[ "$no_charon" = 0 ]]; then rm -rf ../libcrux_ml_kem.llbc ../libcrux_sha3.llbc echo "Running charon (sha3) ..." diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 513ca98e4..83cf038bf 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -180,13 +180,21 @@ files: - name: libcrux_mlkem512_avx2 api: - - [libcrux_ml_kem, mlkem512, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + patterns: + - [libcrux_ml_kem, mlkem512, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + monomorphizations_of: + - [libcrux_ml_kem, mlkem512, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] - name: libcrux_mlkem512_portable api: - - [libcrux_ml_kem, mlkem512, portable] - - [libcrux_ml_kem, ind_cca, instantiations, portable] + patterns: + - [libcrux_ml_kem, mlkem512, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + monomorphizations_of: + - [libcrux_ml_kem, mlkem512, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] - name: libcrux_mlkem512 api: @@ -194,13 +202,21 @@ files: - name: libcrux_mlkem768_avx2 api: - - [libcrux_ml_kem, mlkem768, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + patterns: + - [libcrux_ml_kem, mlkem768, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + monomorphizations_of: + - [libcrux_ml_kem, mlkem768, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] - name: libcrux_mlkem768_portable api: - - [libcrux_ml_kem, mlkem768, portable] - - [libcrux_ml_kem, ind_cca, instantiations, portable] + patterns: + - [libcrux_ml_kem, mlkem768, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + monomorphizations_of: + - [libcrux_ml_kem, mlkem768, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] - name: libcrux_mlkem768 api: diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index d50b9be3d..939dc09e9 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -34,6 +34,9 @@ include_directories( file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_core.c ${PROJECT_SOURCE_DIR}/libcrux_platform.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_portable.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_portable.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_portable.c diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h deleted file mode 100644 index bd794c456..000000000 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ /dev/null @@ -1,300 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/internal/target.h" -#include "krml/lowstar_endianness.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length -// of the slice, i.e. the number of elements in the slice (this is NOT the -// number of bytes). This design choice has two important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* -// performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the -// type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you -// need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x -// (included), and an end index in x (excluded). The argument x must be suitably -// cast to something that can decay (see remark above about how pointer -// arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ - ((Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) -#define EURYDICE_SLICE_LEN(s, _) s.len -// This macro is a pain because in case the dereferenced element type is an -// array, you cannot simply write `t x` as it would yield `int[4] x` instead, -// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that -// adds an extra argument to this macro at the last minute so that we have the -// correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ - end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ - ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ - memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ - ((Eurydice_slice){.ptr = ptr_, .len = len_}) - -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ - (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ - (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq \ - Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ - .len = slice.len - mid}}) - -// Can't have a flexible array as a member of a union -- this violates strict -// aliasing rules. -typedef struct { - uint8_t tag; - uint8_t case_Ok[]; -} result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ - Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, \ - sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, - Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { - store64_le(buf, v); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - return load64_le(buf); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { - return x; -} - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { - return __builtin_popcount(x0); -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { - return x + y; -} -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { - return x - y; -} - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, - int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { - return (*p) & v; -} -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { - return (*p) >> v; -} - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) - -// Old name (TODO: remove once everyone has upgraded to the latest Charon) -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ - Eurydice_range_iter_next - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ - Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ - Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a -// type, and this static inline function cannot receive a type as an argument. -// Instead, we receive the element size and use it to peform manual offset -// computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, - size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size - ? chunks->chunk_size - : chunks->slice.len; - Eurydice_slice curr_chunk = - ((Eurydice_slice){.ptr = chunks->slice.ptr, .len = chunk_size}); - chunks->slice = ((Eurydice_slice){ - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size}); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ - ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ - ((Eurydice_chunks){ \ - .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ - .chunk_size = sz_}) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( \ - iter, t, ret_t) \ - (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t))})) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ - iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) \ - ((Eurydice_slice_iterator){.s = x, .index = 0}) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ - ret_t) \ - (((iter)->index == (iter)->s.len) \ - ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ - .f0 = ((iter)->index++, \ - &((t *)((iter)->s.ptr))[(iter)->index - 1])})) - -// STRINGS - -typedef const char *Prims_string; - -// MISC (UNTESTED) - -typedef void *core_fmt_Formatter; -typedef void *core_fmt_Arguments; -typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ - x4) \ - NULL - -// VECTORS (ANCIENT, POSSIBLY UNTESTED) - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size / sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX / 2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t *)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) \ - ({ \ - t *p = malloc(sizeof(t)); \ - *p = x; \ - p; \ - }) - -#define EURYDICE_REPLACE(ptr, new_v, t) \ - ({ \ - t old_v = *ptr; \ - *ptr = new_v; \ - old_v; \ - }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h deleted file mode 100644 index 000eda9e3..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ /dev/null @@ -1,259 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_core_H -#define __internal_libcrux_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_core.h" -#include "eurydice_glue.h" - -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( - core_fmt_rt_Argument x0[0U]); - -extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( - Eurydice_slice x0, Eurydice_slice x1); - -#define CORE_NUM__U32_8__BITS (32U) - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - -#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) - -void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]); - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) - -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \ - (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) - -#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) - -libcrux_ml_kem_types_MlKemPublicKey____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U]); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk); - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U]); - -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} K___uint8_t_1536size_t__uint8_t_1568size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U]); - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, Eurydice_slice rhs); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self); - -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]); - -libcrux_ml_kem_types_MlKemPublicKey____1184size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk); - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U]); - -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} K___uint8_t_1152size_t__uint8_t_1184size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____1088size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U]); - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, Eurydice_slice rhs); - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); - -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]); - -libcrux_ml_kem_types_MlKemPublicKey____800size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk); - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U]); - -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { - uint8_t fst[768U]; - uint8_t snd[800U]; -} K___uint8_t_768size_t__uint8_t_800size_t_; - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U]); - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self); - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, Eurydice_slice rhs); - -typedef struct - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]); - -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]); - -typedef struct - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); - -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]); - -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]); - -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]); - -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]); - -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]); - -typedef struct core_option_Option__Eurydice_slice_uint8_t_s { - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} core_option_Option__Eurydice_slice_uint8_t; - -typedef struct - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U]); - -typedef struct - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h deleted file mode 100644 index d0aac553a..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_mlkem_avx2_H -#define __internal_libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem_avx2.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_avx2.h" - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_polynomial.h b/libcrux-ml-kem/c/internal/libcrux_polynomial.h deleted file mode 100644 index ba1228d32..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_polynomial.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_polynomial_H -#define __internal_libcrux_polynomial_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_polynomial.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" - -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) - -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ - ((int16_t)1353) - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, int16_t c); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a); - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a); - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, Eurydice_slice out); - -typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[4U]; - uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t; - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs); - -typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[3U]; - uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t; - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs); - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v); - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error); - -typedef struct - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - fst[2U]; - uint8_t snd; -} K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_2size_t__uint8_t; - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - b); - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs); - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v); - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, int16_t fer); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v); - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_polynomial_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h deleted file mode 100644 index 11ada5b26..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_sha3_avx2_H -#define __internal_libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_sha3_avx2.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - libcrux_sha3_avx2_x4_incremental_KeccakState4; - -void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]); - -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h deleted file mode 100644 index 58f4859bb..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ /dev/null @@ -1,251 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_sha3_internal_H -#define __internal_libcrux_sha3_internal_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_sha3_internal.h" -#include "eurydice_glue.h" - -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - libcrux_sha3_portable_KeccakState1; - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, buf); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o2); -} - -static inline void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - s, buf); -} - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o20[1U]; - memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o1); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o20, (size_t)168U); - Eurydice_slice o2[1U]; - memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o30[1U]; - memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o2); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o30, (size_t)168U); - Eurydice_slice o3[1U]; - memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o4[1U]; - memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - s, o4); -} - -static inline void -libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( - s, buf); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { - return self[0U]; -} - -static inline uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v) { - uint32_t uu____0; - switch (v) { - case libcrux_sha3_Sha224: { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = 4U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -static inline libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from( - uint32_t v) { - libcrux_sha3_Algorithm uu____0; - switch (v) { - case 1U: { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); - } - } - return uu____0; -} - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_internal_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c deleted file mode 100644 index 7fc937466..000000000 --- a/libcrux-ml-kem/c/libcrux_core.c +++ /dev/null @@ -1,409 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_core.h" - -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__int32_t_s { - core_option_Option__size_t_tags tag; - int32_t f0; -} Option__int32_t; - -typedef struct Option__uint32_t_s { - core_option_Option__size_t_tags tag; - uint32_t f0; -} Option__uint32_t; - -static uint8_t is_non_zero(uint8_t value) { - uint16_t value0 = (uint16_t)value; - uint16_t uu____0 = value0; - uint16_t result = (((uint32_t)uu____0 | - (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & - 0xFFFFU) >> - 8U & - 1U; - return (uint8_t)result; -} - -void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, - uint8_t ret[32U]) { - uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); - uint8_t out[32U] = {0U}; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; - i++) { - size_t i0 = i; - uint8_t uu____0 = - (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask; - uint8_t *uu____1 = - &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); - out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); - } - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ - .sk = sk, .pk = pk}); -} - -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____1568size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self) { - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, Eurydice_slice rhs) { - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) { - size_t i0 = i; - uint8_t uu____0 = - Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = (uint32_t)r | - ((uint32_t)uu____0 ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1600U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____1184size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ - .sk = sk, .pk = pk}); -} - -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____1088size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); - return lit; -} - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self) { - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, Eurydice_slice rhs) { - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) { - size_t i0 = i; - uint8_t uu____0 = - Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = (uint32_t)r | - ((uint32_t)uu____0 ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1120U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemPublicKey____800size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ - .sk = sk, .pk = pk}); -} - -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); - return lit; -} - -libcrux_ml_kem_types_MlKemCiphertext____768size_t -libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); - return lit; -} - -uint8_t * -libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self) { - return self->value; -} - -uint8_t -libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, Eurydice_slice rhs) { - uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) { - size_t i0 = i; - uint8_t uu____0 = - Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = (uint32_t)r | - ((uint32_t)uu____0 ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); - } - return is_non_zero(r); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]) { - uint8_t out[33U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)33U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]) { - uint8_t out[34U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)34U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); -} - -Eurydice_slice -libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)800U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)64U, uu____0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U]) { - if (self.tag == core_result_Ok) { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h deleted file mode 100644 index 049652436..000000000 --- a/libcrux-ml-kem/c/libcrux_core.h +++ /dev/null @@ -1,162 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_core_H -#define __libcrux_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct core_ops_range_Range__size_t_s { - size_t start; - size_t end; -} core_ops_range_Range__size_t; - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -typedef struct core_option_Option__size_t_s { - core_option_Option__size_t_tags tag; - size_t f0; -} core_option_Option__size_t; - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { - uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemPublicKey____1568size_t; - -typedef struct - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s { - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { - uint8_t value[3168U]; -} libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s { - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { - uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemCiphertext____1568size_t; - -typedef struct - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; - uint8_t snd[32U]; -} K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey____1184size_t; - -typedef struct - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s { - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s { - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { - uint8_t value[1088U]; -} libcrux_ml_kem_types_MlKemCiphertext____1088size_t; - -typedef struct - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; - uint8_t snd[32U]; -} K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; - -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey____800size_t; - -typedef struct - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s { - core_option_Option__size_t_tags tag; - libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; - -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; - -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s { - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; - -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext____768size_t; - -typedef struct - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; - uint8_t snd[32U]; -} K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; - -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; - -typedef struct - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U]); - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -typedef struct - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_core_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c deleted file mode 100644 index 2a747078e..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ /dev/null @@ -1,1749 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem1024.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem512_portable.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_11__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -static inline void ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_PortableVector_11size_t(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0; - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_5__libcrux_ml_kem_vector_PortableVector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_11size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = compute_message__libcrux_ml_kem_vector_PortableVector_4size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____4size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; -} PortableHash____4size_t; - -static inline PortableHash____4size_t shake128_init_absorb___4size_t( - uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; - memcpy( - uu____1, state, - (size_t)4U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - PortableHash____4size_t lit; - memcpy( - lit.shake128_state, uu____1, - (size_t)4U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___4size_t( - PortableHash____4size_t *self, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___4size_t( - PortableHash____4size_t *self, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( - int16_t s[272U]) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash____4size_t xof_state = shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_4size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [4U])); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___4size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t0(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t( - &result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_4size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_PortableVector_352size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - input[4U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_11size_t_352size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re, - Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_5__libcrux_ml_kem_vector_PortableVector( - re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___4size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_4size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_4size_t_1408size_t_11size_t_352size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_5size_t_160size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -static void -decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static void -decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___4size_t( - Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_4size_t1(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - &result[i1], &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_4size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[4U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -static libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - public_key); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline bool -validate_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - return validate_public_key__libcrux_ml_kem_vector_PortableVector_4size_t_1536size_t_1568size_t( - public_key); -} - -static bool validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ - uu____0; - if (validate_public_key___4size_t_1536size_t_1568size_t(public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h deleted file mode 100644 index b23582faf..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem1024_H -#define __libcrux_mlkem1024_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_platform.h" -#include "libcrux_polynomial.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_internal.h" - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * \ - LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) - -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + \ - LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) - -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 \ - (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + \ - LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1024_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c deleted file mode 100644 index 00bc23653..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem512.h" - -#include "internal/libcrux_core.h" - -static void -decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -static bool validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (validate_public_key___2size_t_768size_t_800size_t(public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h deleted file mode 100644 index 4cf838da4..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem512_H -#define __libcrux_mlkem512_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_platform.h" - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) - -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c deleted file mode 100644 index a1e71ded9..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ /dev/null @@ -1,1628 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem768.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem512_portable.h" -#include "internal/libcrux_mlkem_avx2.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_internal.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u__libcrux_ml_kem_vector_PortableVector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_PortableVector( - &zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - re); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message = compute_message__libcrux_ml_kem_vector_PortableVector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message__libcrux_ml_kem_vector_PortableVector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static void -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -typedef struct PortableHash____3size_t_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; -} PortableHash____3size_t; - -static inline PortableHash____3size_t shake128_init_absorb___3size_t( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy( - uu____1, state, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - PortableHash____3size_t lit; - memcpy( - lit.shake128_state, uu____1, - (size_t)3U * - sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t( - PortableHash____3size_t *self, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U]) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_PortableVector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U])); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_PortableVector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t0(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_PortableVector_3size_t(&result); - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - error_2, message, result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_PortableVector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution__libcrux_ml_kem_vector_PortableVector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message__libcrux_ml_kem_vector_PortableVector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_PortableVector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_PortableVector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_PortableVector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -static void -decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static void -decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_3size_t1(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - product = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - &result[i1], &product); - } - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element__libcrux_ml_kem_vector_PortableVector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - K___libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_PortableVector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair__libcrux_ml_kem_vector_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -static libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - public_key); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -closure__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t(void) { - return libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); -} - -static inline bool -validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_PortableVector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return validate_public_key__libcrux_ml_kem_vector_PortableVector_3size_t_1152size_t_1184size_t( - public_key); -} - -static bool validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (validate_public_key___3size_t_1152size_t_1184size_t(public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h deleted file mode 100644 index 5fb3491b8..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_H -#define __libcrux_mlkem768_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_platform.h" -#include "libcrux_polynomial.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_internal.h" - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c deleted file mode 100644 index 19f0762b4..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem768_avx2.h" - -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h deleted file mode 100644 index 5b71584d3..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_avx2_H -#define __libcrux_mlkem768_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem768.h" - -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c deleted file mode 100644 index 22c124e6e..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem768_portable.h" - -void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h deleted file mode 100644 index 9f6577139..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_portable_H -#define __libcrux_mlkem768_portable_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem768.h" - -void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_portable_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c deleted file mode 100644 index 21fc1c974..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ /dev/null @@ -1,7623 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_polynomial.h" -#include "internal/libcrux_sha3_avx2.h" - -typedef core_core_arch_x86___m256i SIMD256Vector; - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i uu____0 = vector; - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i uu____0 = vector; - return libcrux_intrinsics_avx2_mm256_and_si256( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - uu____0, libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - uu____1, libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i uu____0 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, - (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, - (int8_t)0, (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - uint8_t ret0[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, - uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)16U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t ret0[8U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, - uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return libcrux_intrinsics_avx2_mm256_and_si256( - uu____15, libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - - (int16_t)1)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)5U, .end = (size_t)21U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t ret0[10U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - uint8_t uu____0 = - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____1 = - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____2 = - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____3 = - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____4 = - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____5 = - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____6 = - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____7 = - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____8 = - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____9 = - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____10 = - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____11 = - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____12 = - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____13 = - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____14 = - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i uu____16 = coefficients0; - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____16, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)10U, .end = (size_t)26U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t ret0[20U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)4U, - .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 13U, - 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) { - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof(int16_t)); - return lit; -} - -inline void libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]) { - uint8_t result[22U] = {0U}; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | - (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | - (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | - (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | - (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | - (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | - (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | - (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U]; - libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector input = - libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) { - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_avx2_portable_PortableVector result = - libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____1 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____5 = - uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____6 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____8 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____10 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____12 = - uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U; - uint8_t *uu____13 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____15 = - &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____17 = - &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____23 = - uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, - uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, - uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____30 = - uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, - uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, - uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, - uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, - uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -inline void libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]) { - memcpy(ret, v.elements, (size_t)16U * sizeof(int16_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_avx2_portable_PortableVector output = - libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); - int16_t ret[16U]; - libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_array_to_slice((size_t)16U, ret, int16_t, Eurydice_slice)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)12U, .end = (size_t)28U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t ret0[24U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, - 11U, 11U, 10U, 9U, 8U, - 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice( - output, - ((core_ops_range_Range__size_t){.start = sampled_count, - .end = sampled_count + (size_t)8U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self) { - return self[0U]; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline core_core_arch_x86___m256i shift_right___15int32_t( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i shift_right___15int32_t0( - core_core_arch_x86___m256i vector) { - return shift_right___15int32_t(vector); -} - -static core_core_arch_x86___m256i -to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right___15int32_t0(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &fm); -} - -static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice_subslice( - a, - ((core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t uu____2 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t random_bits_as_u32 = - uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t random_bits_as_u24 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - randomness); - return uu____0; -} - -static inline void ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - re->coefficients[j + step], (int16_t)-1600); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; - -static core_core_arch_x86___m256i -montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - v, fer); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i t = - montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, - zeta_r); - b = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - a, &t); - a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &t); - return (( - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, .snd = b}); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static core_core_arch_x86___m256i -to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - self->coefficients[j]); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___4size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - b, &a); - a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_minus_b, zeta_r); - return (( - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, .snd = b}); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static core_core_arch_x86___m256i -decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i uu____0 = - decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &tmp); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___10int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___10int32_t(vector); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___10int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___11int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___11int32_t(vector); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___11int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___4int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___4int32_t(vector); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___4int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___5int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___5int32_t(vector); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = compress___5int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - coefficients, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___4size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___4size_t( - Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___10int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___10int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___11int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___11int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i decompress_ciphertext_coefficient___4int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___4int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___4int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i decompress_ciphertext_coefficient___5int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___5int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - bytes); - re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i uu____1 = - decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___10int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___11int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)768U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - uint8_t dummy_out1[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - uint8_t dummy_out1[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t dummy_out0[192U] = {0U}; - uint8_t dummy_out1[192U] = {0U}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], - Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____3, domain_separator) - .fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)1632U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - uint8_t dummy_out1[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___2size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___2size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___2size_t( - Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h deleted file mode 100644 index 026947fe9..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ /dev/null @@ -1,293 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem_avx2_H -#define __libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_avx2_portable_PortableVector; - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); - -void libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, Eurydice_slice output); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self); - -typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h deleted file mode 100644 index 988a2e7f2..000000000 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_platform_H -#define __libcrux_platform_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern bool libcrux_platform_platform_simd256_support(void); - -extern bool libcrux_platform_platform_simd128_support(void); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_platform_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_polynomial.c b/libcrux-ml-kem/c/libcrux_polynomial.c deleted file mode 100644 index 61c774813..000000000 --- a/libcrux-ml-kem/c/libcrux_polynomial.c +++ /dev/null @@ -1,2531 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_polynomial.h" - -#include "internal/libcrux_core.h" - -const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, - (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, - (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, - (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383, - (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, - (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571, - (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, - (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666, - (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, - (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951, - (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, - (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843, - (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, - (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653, - (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, - (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349, - (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, - (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384, - (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, - (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794, - (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, - (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; - -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -static inline libcrux_ml_kem_vector_PortableVector zero(void) { - libcrux_ml_kem_vector_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -static libcrux_ml_kem_vector_PortableVector ZERO(void) { return zero(); } - -static inline libcrux_ml_kem_vector_PortableVector from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_PortableVector lit; - int16_t ret[16U]; - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -static libcrux_ml_kem_vector_PortableVector from_i16_array0( - Eurydice_slice array) { - return from_i16_array(array); -} - -static inline libcrux_ml_kem_vector_PortableVector add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs) { - return add(lhs, rhs); -} - -static inline libcrux_ml_kem_vector_PortableVector sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - libcrux_ml_kem_vector_PortableVector lhs, - libcrux_ml_kem_vector_PortableVector *rhs) { - return sub(lhs, rhs); -} - -static inline libcrux_ml_kem_vector_PortableVector multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_PortableVector v, int16_t c) { - return multiply_by_constant(v, c); -} - -static inline libcrux_ml_kem_vector_PortableVector bitwise_and_with_constant( - libcrux_ml_kem_vector_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; -} - -static libcrux_ml_kem_vector_PortableVector bitwise_and_with_constant0( - libcrux_ml_kem_vector_PortableVector v, int16_t c) { - return bitwise_and_with_constant(v, c); -} - -static inline libcrux_ml_kem_vector_PortableVector cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v) { - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - core_option_Option__size_t uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_PortableVector v) { - return cond_subtract_3329(v); -} - -#define BARRETT_MULTIPLIER ((int32_t)20159) - -#define BARRETT_SHIFT ((int32_t)26) - -#define BARRETT_R ((int32_t)1 << (uint32_t)BARRETT_SHIFT) - -static int16_t barrett_reduce_element(int16_t value) { - int32_t t = (int32_t)value * BARRETT_MULTIPLIER + (BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; -} - -static inline libcrux_ml_kem_vector_PortableVector barrett_reduce( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = barrett_reduce_element(v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_PortableVector v) { - return barrett_reduce(v); -} - -#define MONTGOMERY_SHIFT (16U) - -static int16_t montgomery_reduce_element(int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> (uint32_t)MONTGOMERY_SHIFT); - int16_t value_high = (int16_t)(value >> (uint32_t)MONTGOMERY_SHIFT); - return value_high - c; -} - -static inline int16_t montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) { - return montgomery_reduce_element((int32_t)fe * (int32_t)fer); -} - -static inline libcrux_ml_kem_vector_PortableVector -montgomery_multiply_by_constant(libcrux_ml_kem_vector_PortableVector v, - int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = montgomery_multiply_fe_by_fer(v.elements[i0], c); - v.elements[i0] = uu____0; - } - return v; -} - -static libcrux_ml_kem_vector_PortableVector montgomery_multiply_by_constant0( - libcrux_ml_kem_vector_PortableVector v, int16_t r) { - return montgomery_multiply_by_constant(v, r); -} - -static uint8_t compress_message_coefficient(uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); -} - -static inline libcrux_ml_kem_vector_PortableVector compress_1( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - uint8_t uu____0 = compress_message_coefficient((uint16_t)v.elements[i0]); - v.elements[i0] = (int16_t)uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress_1( - libcrux_ml_kem_vector_PortableVector v) { - return compress_1(v); -} - -static inline uint32_t get_n_least_significant_bits(uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static int16_t compress_ciphertext_coefficient(uint8_t coefficient_bits, - uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t)get_n_least_significant_bits(coefficient_bits, - (uint32_t)compressed); -} - -static inline libcrux_ml_kem_vector_PortableVector ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - int16_t t = montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); - v.elements[2U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); - v.elements[3U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); - v.elements[6U] = v.elements[4U] - t1; - v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); - v.elements[7U] = v.elements[5U] - t2; - v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], zeta2); - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], zeta2); - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta3); - v.elements[(size_t)8U + (size_t)6U] = - v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = - v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta3); - v.elements[(size_t)8U + (size_t)7U] = - v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = - v.elements[(size_t)8U + (size_t)5U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -static inline libcrux_ml_kem_vector_PortableVector ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) { - int16_t t = montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); - v.elements[4U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); - v.elements[5U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); - v.elements[6U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); - v.elements[7U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], zeta1); - v.elements[(size_t)8U + (size_t)4U] = - v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], zeta1); - v.elements[(size_t)8U + (size_t)5U] = - v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], zeta1); - v.elements[(size_t)8U + (size_t)6U] = - v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = - montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], zeta1); - v.elements[(size_t)8U + (size_t)7U] = - v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U + (size_t)3U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1) { - return ntt_layer_2_step(a, zeta0, zeta1); -} - -static inline libcrux_ml_kem_vector_PortableVector ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta) { - int16_t t = montgomery_multiply_fe_by_fer(v.elements[8U], zeta); - v.elements[8U] = v.elements[0U] - t; - v.elements[0U] = v.elements[0U] + t; - int16_t t0 = montgomery_multiply_fe_by_fer(v.elements[9U], zeta); - v.elements[9U] = v.elements[1U] - t0; - v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = montgomery_multiply_fe_by_fer(v.elements[10U], zeta); - v.elements[10U] = v.elements[2U] - t1; - v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = montgomery_multiply_fe_by_fer(v.elements[11U], zeta); - v.elements[11U] = v.elements[3U] - t2; - v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = montgomery_multiply_fe_by_fer(v.elements[12U], zeta); - v.elements[12U] = v.elements[4U] - t3; - v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = montgomery_multiply_fe_by_fer(v.elements[13U], zeta); - v.elements[13U] = v.elements[5U] - t4; - v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = montgomery_multiply_fe_by_fer(v.elements[14U], zeta); - v.elements[14U] = v.elements[6U] - t5; - v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = montgomery_multiply_fe_by_fer(v.elements[15U], zeta); - v.elements[15U] = v.elements[7U] - t6; - v.elements[7U] = v.elements[7U] + t6; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta) { - return ntt_layer_3_step(a, zeta); -} - -static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t uu____0 = barrett_reduce_element(v.elements[0U] + v.elements[2U]); - v.elements[0U] = uu____0; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[2U] = uu____1; - int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t uu____2 = barrett_reduce_element(v.elements[1U] + v.elements[3U]); - v.elements[1U] = uu____2; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[3U] = uu____3; - int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t uu____4 = barrett_reduce_element(v.elements[4U] + v.elements[6U]); - v.elements[4U] = uu____4; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); - v.elements[6U] = uu____5; - int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t uu____6 = barrett_reduce_element(v.elements[5U] + v.elements[7U]); - v.elements[5U] = uu____6; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); - v.elements[7U] = uu____7; - int16_t a_minus_b3 = - v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t uu____8 = barrett_reduce_element(v.elements[(size_t)8U + (size_t)0U] + - v.elements[(size_t)8U + (size_t)2U]); - v.elements[(size_t)8U + (size_t)0U] = uu____8; - int16_t uu____9 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); - v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = - v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t uu____10 = - barrett_reduce_element(v.elements[(size_t)8U + (size_t)1U] + - v.elements[(size_t)8U + (size_t)3U]); - v.elements[(size_t)8U + (size_t)1U] = uu____10; - int16_t uu____11 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); - v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = - v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____12 = - barrett_reduce_element(v.elements[(size_t)8U + (size_t)4U] + - v.elements[(size_t)8U + (size_t)6U]); - v.elements[(size_t)8U + (size_t)4U] = uu____12; - int16_t uu____13 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); - v.elements[(size_t)8U + (size_t)6U] = uu____13; - int16_t a_minus_b6 = - v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____14 = - barrett_reduce_element(v.elements[(size_t)8U + (size_t)5U] + - v.elements[(size_t)8U + (size_t)7U]); - v.elements[(size_t)8U + (size_t)5U] = uu____14; - int16_t uu____15 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); - v.elements[(size_t)8U + (size_t)7U] = uu____15; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); -} - -static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta0, int16_t zeta1) { - int16_t a_minus_b = v.elements[4U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[4U]; - int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - v.elements[4U] = uu____0; - int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[5U]; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); - v.elements[5U] = uu____1; - int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[6U]; - int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); - v.elements[6U] = uu____2; - int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[7U]; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); - v.elements[7U] = uu____3; - int16_t a_minus_b3 = - v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; - v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); - v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = - v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; - v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); - v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = - v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; - v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; - int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); - v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = - v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; - v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); - v.elements[(size_t)8U + (size_t)7U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta0, int16_t zeta1) { - return inv_ntt_layer_2_step(a, zeta0, zeta1); -} - -static inline libcrux_ml_kem_vector_PortableVector inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector v, int16_t zeta) { - int16_t a_minus_b = v.elements[8U] - v.elements[0U]; - v.elements[0U] = v.elements[0U] + v.elements[8U]; - int16_t uu____0 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - v.elements[8U] = uu____0; - int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; - v.elements[1U] = v.elements[1U] + v.elements[9U]; - int16_t uu____1 = montgomery_multiply_fe_by_fer(a_minus_b0, zeta); - v.elements[9U] = uu____1; - int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; - v.elements[2U] = v.elements[2U] + v.elements[10U]; - int16_t uu____2 = montgomery_multiply_fe_by_fer(a_minus_b1, zeta); - v.elements[10U] = uu____2; - int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; - v.elements[3U] = v.elements[3U] + v.elements[11U]; - int16_t uu____3 = montgomery_multiply_fe_by_fer(a_minus_b2, zeta); - v.elements[11U] = uu____3; - int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; - v.elements[4U] = v.elements[4U] + v.elements[12U]; - int16_t uu____4 = montgomery_multiply_fe_by_fer(a_minus_b3, zeta); - v.elements[12U] = uu____4; - int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; - v.elements[5U] = v.elements[5U] + v.elements[13U]; - int16_t uu____5 = montgomery_multiply_fe_by_fer(a_minus_b4, zeta); - v.elements[13U] = uu____5; - int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; - v.elements[6U] = v.elements[6U] + v.elements[14U]; - int16_t uu____6 = montgomery_multiply_fe_by_fer(a_minus_b5, zeta); - v.elements[14U] = uu____6; - int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; - v.elements[7U] = v.elements[7U] + v.elements[15U]; - int16_t uu____7 = montgomery_multiply_fe_by_fer(a_minus_b6, zeta); - v.elements[15U] = uu____7; - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_PortableVector a, int16_t zeta) { - return inv_ntt_layer_3_step(a, zeta); -} - -typedef struct __int16_t_int16_t_s { - int16_t fst; - int16_t snd; -} __int16_t_int16_t; - -static inline __int16_t_int16_t ntt_multiply_binomials(__int16_t_int16_t _, - __int16_t_int16_t _0, - int16_t zeta) { - int16_t a0 = _.fst; - int16_t a1 = _.snd; - int16_t b0 = _0.fst; - int16_t b1 = _0.snd; - int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t uu____1 = montgomery_reduce_element( - uu____0 + (int32_t)montgomery_reduce_element((int32_t)a1 * (int32_t)b1) * - (int32_t)zeta); - return ((__int16_t_int16_t){ - .fst = uu____1, - .snd = montgomery_reduce_element((int32_t)a0 * (int32_t)b1 + - (int32_t)a1 * (int32_t)b0)}); -} - -static inline libcrux_ml_kem_vector_PortableVector ntt_multiply( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_PortableVector out = zero(); - __int16_t_int16_t lit0; - lit0.fst = lhs->elements[0U]; - lit0.snd = lhs->elements[1U]; - __int16_t_int16_t lit1; - lit1.fst = rhs->elements[0U]; - lit1.snd = rhs->elements[1U]; - __int16_t_int16_t product = ntt_multiply_binomials(lit0, lit1, zeta0); - out.elements[0U] = product.fst; - out.elements[1U] = product.snd; - __int16_t_int16_t lit2; - lit2.fst = lhs->elements[2U]; - lit2.snd = lhs->elements[3U]; - __int16_t_int16_t lit3; - lit3.fst = rhs->elements[2U]; - lit3.snd = rhs->elements[3U]; - __int16_t_int16_t product0 = ntt_multiply_binomials(lit2, lit3, -zeta0); - out.elements[2U] = product0.fst; - out.elements[3U] = product0.snd; - __int16_t_int16_t lit4; - lit4.fst = lhs->elements[4U]; - lit4.snd = lhs->elements[5U]; - __int16_t_int16_t lit5; - lit5.fst = rhs->elements[4U]; - lit5.snd = rhs->elements[5U]; - __int16_t_int16_t product1 = ntt_multiply_binomials(lit4, lit5, zeta1); - out.elements[4U] = product1.fst; - out.elements[5U] = product1.snd; - __int16_t_int16_t lit6; - lit6.fst = lhs->elements[6U]; - lit6.snd = lhs->elements[7U]; - __int16_t_int16_t lit7; - lit7.fst = rhs->elements[6U]; - lit7.snd = rhs->elements[7U]; - __int16_t_int16_t product2 = ntt_multiply_binomials(lit6, lit7, -zeta1); - out.elements[6U] = product2.fst; - out.elements[7U] = product2.snd; - __int16_t_int16_t lit8; - lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; - lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; - __int16_t_int16_t lit9; - lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; - lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; - __int16_t_int16_t product3 = ntt_multiply_binomials(lit8, lit9, zeta2); - out.elements[(size_t)8U + (size_t)0U] = product3.fst; - out.elements[(size_t)8U + (size_t)1U] = product3.snd; - __int16_t_int16_t lit10; - lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; - lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; - __int16_t_int16_t lit11; - lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; - lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; - __int16_t_int16_t product4 = ntt_multiply_binomials(lit10, lit11, -zeta2); - out.elements[(size_t)8U + (size_t)2U] = product4.fst; - out.elements[(size_t)8U + (size_t)3U] = product4.snd; - __int16_t_int16_t lit12; - lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; - lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; - __int16_t_int16_t lit13; - lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; - lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; - __int16_t_int16_t product5 = ntt_multiply_binomials(lit12, lit13, zeta3); - out.elements[(size_t)8U + (size_t)4U] = product5.fst; - out.elements[(size_t)8U + (size_t)5U] = product5.snd; - __int16_t_int16_t lit14; - lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; - lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; - __int16_t_int16_t lit; - lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; - lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; - __int16_t_int16_t product6 = ntt_multiply_binomials(lit14, lit, -zeta3); - out.elements[(size_t)8U + (size_t)6U] = product6.fst; - out.elements[(size_t)8U + (size_t)7U] = product6.snd; - return out; -} - -static libcrux_ml_kem_vector_PortableVector ntt_multiply0( - libcrux_ml_kem_vector_PortableVector *lhs, - libcrux_ml_kem_vector_PortableVector *rhs, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); -} - -static inline void serialize_1(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = (uint32_t)result[uu____1] | - (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_1( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[2U]) { - uint8_t ret0[2U]; - serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_1( - Eurydice_slice v) { - libcrux_ml_kem_vector_PortableVector result = zero(); - KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = - (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - uint8_t *uu____1 = - &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = - (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); - } - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_1( - Eurydice_slice a) { - return deserialize_1(a); -} - -static inline void serialize_4(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[8U]) { - uint8_t result[8U] = {0U}; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | - (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | - (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | - (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | - (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] << 4U | - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] << 4U | - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] << 4U | - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] << 4U | - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_4( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[8U]) { - uint8_t ret0[8U]; - serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_4( - Eurydice_slice bytes) { - libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = - &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = - &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = - &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = - &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_4( - Eurydice_slice a) { - return deserialize_4(a); -} - -static inline void serialize_5(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[10U]) { - uint8_t result[10U] = {0U}; - result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); - result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | - v.elements[1U] >> 3U); - result[2U] = - (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); - result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | - v.elements[4U] >> 4U); - result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); - result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) << 5U | - v.elements[(size_t)8U + (size_t)0U]); - result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) << 7U | - v.elements[(size_t)8U + (size_t)2U] << 2U) | - v.elements[(size_t)8U + (size_t)1U] >> 3U); - result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) << 4U | - v.elements[(size_t)8U + (size_t)3U] >> 1U); - result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) << 6U | - v.elements[(size_t)8U + (size_t)5U] << 1U) | - v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] << 3U | - v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_5( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[10U]) { - uint8_t ret0[10U]; - serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_5( - Eurydice_slice bytes) { - libcrux_ml_kem_vector_PortableVector v = zero(); - uint8_t *uu____0 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - 3U) - << 3U; - uint8_t *uu____2 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - 15U) - << 1U; - uint8_t *uu____5 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - 1U) - << 4U; - uint8_t *uu____7 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = - &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - 7U) - << 2U; - uint8_t *uu____10 = - &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - 3U) - << 3U; - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - 15U) - << 1U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - v.elements[11U] = - (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - 1U) - << 4U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - v.elements[12U] = - (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, - uint8_t, uint8_t *, uint8_t); - v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - 7U) - << 2U; - uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, - uint8_t, uint8_t *, uint8_t); - v.elements[14U] = - (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, - uint8_t, uint8_t *, uint8_t); - v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_5( - Eurydice_slice a) { - return deserialize_5(a); -} - -static inline void serialize_10(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[20U]) { - uint8_t result[20U] = {0U}; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | - (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) << 4U | - (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) << 6U | - (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); - result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); - result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) << 2U | - (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) << 4U | - (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) << 6U | - (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); - result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); - result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & - (int16_t)3); - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & - (int16_t)15); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & - (int16_t)63); - result[14U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & - (int16_t)3); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & - (int16_t)15); - result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & - (int16_t)63); - result[19U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_10( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[20U]) { - uint8_t ret0[20U]; - serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_10( - Eurydice_slice bytes) { - libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U; - uint8_t *uu____1 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U; - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U; - uint8_t *uu____5 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____7 = - &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t uu____8 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U; - uint8_t *uu____9 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t uu____10 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U; - uint8_t *uu____11 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t uu____12 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U; - uint8_t *uu____13 = - &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____15 = - &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, - uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U; - uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, - uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U; - uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, - uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U; - uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, - uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, - uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_10( - Eurydice_slice a) { - return deserialize_10(a); -} - -static inline void serialize_11(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[22U]) { - uint8_t result[22U] = {0U}; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | - (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | - (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | - (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | - (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | - (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | - (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | - (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_11( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[22U]) { - uint8_t ret0[22U]; - serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_11( - Eurydice_slice bytes) { - libcrux_ml_kem_vector_PortableVector result = zero(); - int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____1 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____5 = - uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____6 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____8 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____10 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____12 = - uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U; - uint8_t *uu____13 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____15 = - &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____17 = - &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____23 = - uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, - uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, - uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____30 = - uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, - uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, - uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, - uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, - uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_11( - Eurydice_slice a) { - return deserialize_11(a); -} - -static inline void serialize_12(libcrux_ml_kem_vector_PortableVector v, - uint8_t ret[24U]) { - uint8_t result[24U] = {0U}; - result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); - result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); - result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - result[4U] = - (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); - result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); - result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = - (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); - result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); - result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = - (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); - result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); - result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); - result[13U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U | - (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); - result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); - result[16U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 8U | - (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); - result[19U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U | - (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); - result[22U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 8U | - (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___serialize_12( - libcrux_ml_kem_vector_PortableVector a, uint8_t ret[24U]) { - uint8_t ret0[24U]; - serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -static inline libcrux_ml_kem_vector_PortableVector deserialize_12( - Eurydice_slice bytes) { - libcrux_ml_kem_vector_PortableVector re = zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t); - int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t); - int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, - uint8_t *, uint8_t); - re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); - re.elements[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); - re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); - re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); - re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); - re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, - uint8_t *, uint8_t); - int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, - uint8_t *, uint8_t); - int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, - uint8_t *, uint8_t); - int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, - uint8_t *, uint8_t); - int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, - uint8_t *, uint8_t); - int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, - uint8_t *, uint8_t); - int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, - uint8_t *, uint8_t); - int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, - uint8_t *, uint8_t); - int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, - uint8_t *, uint8_t); - int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, - uint8_t *, uint8_t); - int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, - uint8_t *, uint8_t); - int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, - uint8_t *, uint8_t); - re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); - re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); - re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); - re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); - re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); - re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); - re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); - re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); - return re; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___deserialize_12( - Eurydice_slice a) { - return deserialize_12(a); -} - -static inline size_t rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option__Eurydice_slice_uint8_t uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( - &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - int16_t uu____8 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - uu____8; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___rej_sample( - Eurydice_slice a, Eurydice_slice out) { - return rej_sample(a, out); -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_PortableVector -to_standard_domain__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v) { - return montgomery_multiply_by_constant0( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_standard_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_PortableVector coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_PortableVector( - self->coefficients[j]); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline libcrux_ml_kem_vector_PortableVector compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)5, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___5int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return compress___5int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)4, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___4int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return compress___4int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)11, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___11int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return compress___11int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int16_t uu____0 = compress_ciphertext_coefficient((uint8_t)(int32_t)10, - (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___compress___10int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return compress___10int32_t(v); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_message_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient_normal_form = - montgomery_multiply_by_constant0(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_PortableVector tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - self->coefficients[i0], &message->coefficients[i0]); - libcrux_ml_kem_vector_PortableVector tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_decompress_1__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v) { - return bitwise_and_with_constant0( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - ZERO(), &v), - (int16_t)1665); -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_error_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_PortableVector coefficient_normal_form = - montgomery_multiply_by_constant0(self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector( - void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - lit; - lit.coefficients[0U] = ZERO(); - lit.coefficients[1U] = ZERO(); - lit.coefficients[2U] = ZERO(); - lit.coefficients[3U] = ZERO(); - lit.coefficients[4U] = ZERO(); - lit.coefficients[5U] = ZERO(); - lit.coefficients[6U] = ZERO(); - lit.coefficients[7U] = ZERO(); - lit.coefficients[8U] = ZERO(); - lit.coefficients[9U] = ZERO(); - lit.coefficients[10U] = ZERO(); - lit.coefficients[11U] = ZERO(); - lit.coefficients[12U] = ZERO(); - lit.coefficients[13U] = ZERO(); - lit.coefficients[14U] = ZERO(); - lit.coefficients[15U] = ZERO(); - return lit; -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___from_i16_array__libcrux_ml_kem_vector_PortableVector( - Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - result = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = - from_i16_array0(Eurydice_slice_subslice( - a, - ((core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_vector_PortableVector shift_right___15int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; - } - return v; -} - -static libcrux_ml_kem_vector_PortableVector shift_right___15int32_t0( - libcrux_ml_kem_vector_PortableVector v) { - return shift_right___15int32_t(v); -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector a) { - libcrux_ml_kem_vector_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_PortableVector fm = - bitwise_and_with_constant0(t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - a, &fm); -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___subtract_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector coefficient_normal_form = - montgomery_multiply_by_constant0(b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___add_to_ring_element__libcrux_ml_kem_vector_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - libcrux_ml_kem_vector_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_PortableVector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ntt_multiply__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - out = - libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___ZERO__libcrux_ml_kem_vector_PortableVector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = ntt_multiply0( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); - decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); - decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return decompress_ciphertext_coefficient___4int32_t(v); -} - -void libcrux_ml_kem_polynomial__libcrux_ml_kem__polynomial__PolynomialRingElement_Vector__TraitClause_0___poly_barrett_reduce__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector - *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___barrett_reduce( - self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe__libcrux_ml_kem_vector_PortableVector( - libcrux_ml_kem_vector_PortableVector v, int16_t fer) { - return montgomery_multiply_by_constant0(v, fer); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); - decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_vector_PortableVector -decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -libcrux_ml_kem_vector_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__PortableVector___decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_PortableVector v) { - return decompress_ciphertext_coefficient___10int32_t(v); -} diff --git a/libcrux-ml-kem/c/libcrux_polynomial.h b/libcrux-ml-kem/c/libcrux_polynomial.h deleted file mode 100644 index 1a90c137d..000000000 --- a/libcrux-ml-kem/c/libcrux_polynomial.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_polynomial_H -#define __libcrux_polynomial_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" - -typedef struct libcrux_ml_kem_vector_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_PortableVector; - -typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector_s { - libcrux_ml_kem_vector_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_PortableVector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_polynomial_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h deleted file mode 100644 index 87bfd1a1a..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_sha3_H -#define __libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -static inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); -} - -static inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); -} - -static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - -static inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); -} - -static inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); -} - -static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); -} - -static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -static inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); -} - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c deleted file mode 100644 index 49e0302b8..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ /dev/null @@ -1,2028 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_sha3_avx2.h" - -#include "internal/libcrux_core.h" - -static inline core_core_arch_x86___m256i zero(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i _veor5q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)1, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vrax1q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i rotate_left1_and_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i _vbcaxq_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i and_not_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64( - core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant( - core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - a[1U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - a[2U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice( - a[3U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)41, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)23, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)18, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)10, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)45, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)6, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)15, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)55, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)27, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)14, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_x86___m256i uu____0 = and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - size_t i) { - core_core_arch_x86___m256i uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_x86___m256i_4size_t(s); - pi__core_core_arch_x86___m256i_4size_t(s); - chi__core_core_arch_x86___m256i_4size_t(s); - iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = { - uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___168size_t0(s->st, out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - s, buf); -} diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h deleted file mode 100644 index 2f9e86a7b..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_sha3_avx2_H -#define __libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3); - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void); - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3); - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h deleted file mode 100644 index e796057eb..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ /dev/null @@ -1,2346 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_sha3_internal_H -#define __libcrux_sha3_internal_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" - -static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { - 1ULL, - 32898ULL, - 9223372036854808714ULL, - 9223372039002292224ULL, - 32907ULL, - 2147483649ULL, - 9223372039002292353ULL, - 9223372036854808585ULL, - 138ULL, - 136ULL, - 2147516425ULL, - 2147483658ULL, - 2147516555ULL, - 9223372036854775947ULL, - 9223372036854808713ULL, - 9223372036854808579ULL, - 9223372036854808578ULL, - 9223372036854775936ULL, - 32778ULL, - 9223372039002259466ULL, - 9223372039002292353ULL, - 9223372036854808704ULL, - 2147483649ULL, - 9223372039002292232ULL}; - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( - void) { - return 0ULL; -} - -static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, - uint64_t b) { - uint64_t uu____0 = a; - return uu____0 ^ - libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, - uint64_t b, - uint64_t c) { - return a ^ (b & ~c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, uint64_t b, uint64_t c) { - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, - uint64_t c) { - return a ^ c; -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, uint64_t c) { - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, uint64_t b) { - return a ^ b; -} - -static inline void libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice( - a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], - size_t mid) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out[0U], mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], size_t mid) { - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} - -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { - uint64_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; - -static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - -static inline void libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, - uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - uint64_t uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - uint64_t uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - uint64_t uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - uint64_t c[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - uint64_t uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t t[5U] = { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - uint64_t uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - uint64_t uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - uint64_t uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - uint64_t uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - uint64_t uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - uint64_t uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - uint64_t uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - uint64_t uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - uint64_t uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - uint64_t uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - uint64_t uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - uint64_t uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - uint64_t uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - uint64_t uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - uint64_t uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - uint64_t uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - uint64_t uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - uint64_t uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - uint64_t uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - uint64_t uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - uint64_t uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - uint64_t uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - uint64_t uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - uint64_t uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - uint64_t uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, uint64_t[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( - i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { - uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___168size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - s->st, out); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___104size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___144size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___136size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - uu____0, out); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - uu____0, out); -} - -static inline void libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); - blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = - (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t(*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uu____1, uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -static inline void libcrux_sha3_portable_keccak_store_block___72size_t( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - uint64_t(*uu____0)[5U] = s; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - s->st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - s->st, out); -} - -static inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - s.st, b); - { - size_t i = (size_t)0U; - Eurydice_slice uu____0 = out[i]; - uint8_t *uu____1 = b[i]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, - ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - out, (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - o1, (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - &s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, - o1); - } - } -} - -static inline void libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - uu____0, out); -} - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_internal_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c deleted file mode 100644 index 3d3d86bf4..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_sha3_neon.h" - -#include "internal/libcrux_core.h" - -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h deleted file mode 100644 index 0a665654b..000000000 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_sha3_neon_H -#define __libcrux_sha3_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1); - -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void); - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1); - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); - -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index bb3ce292b..54542df86 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -8,20 +8,20 @@ pub(crate) fn validate_public_key< public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { if libcrux_platform::simd256_support() { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] return instantiations::avx2::validate_public_key::< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, >(public_key); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] instantiations::portable::validate_public_key::< K, RANKED_BYTES_PER_RING_ELEMENT, PUBLIC_KEY_SIZE, >(public_key) } else if libcrux_platform::simd128_support() { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] return instantiations::neon::validate_public_key::< K, RANKED_BYTES_PER_RING_ELEMENT, @@ -55,7 +55,7 @@ pub(crate) fn generate_keypair< ) -> MlKemKeyPair { // Runtime feature detection. if libcrux_platform::simd256_support() { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] return instantiations::avx2::generate_keypair::< K, CPA_PRIVATE_KEY_SIZE, @@ -65,7 +65,7 @@ pub(crate) fn generate_keypair< ETA1, ETA1_RANDOMNESS_SIZE, >(randomness); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] instantiations::portable::generate_keypair::< K, CPA_PRIVATE_KEY_SIZE, @@ -76,7 +76,7 @@ pub(crate) fn generate_keypair< ETA1_RANDOMNESS_SIZE, >(randomness) } else if libcrux_platform::simd128_support() { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] return instantiations::neon::generate_keypair::< K, CPA_PRIVATE_KEY_SIZE, @@ -128,7 +128,7 @@ pub(crate) fn encapsulate< randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { if libcrux_platform::simd256_support() { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] return instantiations::avx2::encapsulate::< K, CIPHERTEXT_SIZE, @@ -144,7 +144,7 @@ pub(crate) fn encapsulate< ETA2, ETA2_RANDOMNESS_SIZE, >(public_key, randomness); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] instantiations::portable::encapsulate::< K, CIPHERTEXT_SIZE, @@ -234,7 +234,7 @@ pub(crate) fn decapsulate< ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { if libcrux_platform::simd256_support() { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] return instantiations::avx2::decapsulate::< K, SECRET_KEY_SIZE, @@ -253,7 +253,7 @@ pub(crate) fn decapsulate< ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext); - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] return instantiations::portable::decapsulate::< K, SECRET_KEY_SIZE, @@ -273,7 +273,7 @@ pub(crate) fn decapsulate< IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext); } else if libcrux_platform::simd128_support() { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] return instantiations::neon::decapsulate::< K, SECRET_KEY_SIZE, diff --git a/libcrux-sha3/build.rs b/libcrux-sha3/build.rs index ef1138666..91a6fae70 100644 --- a/libcrux-sha3/build.rs +++ b/libcrux-sha3/build.rs @@ -2,21 +2,20 @@ use std::env; fn main() { let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); - let disable_simd128 = match env::var("LIBCRUX_DISABLE_SIMD128") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + let disable_simd128 = read_env("LIBCRUX_DISABLE_SIMD128"); + let disable_simd256 = read_env("LIBCRUX_DISABLE_SIMD256"); - let disable_simd256 = match env::var("LIBCRUX_DISABLE_SIMD256") { - Ok(s) => s == "1" || s == "y" || s == "Y", - Err(_) => false, - }; + // Force a simd build. Make sure you know what you're doing. + let enable_simd128 = read_env("LIBCRUX_ENABLE_SIMD128"); + let enable_simd256 = read_env("LIBCRUX_ENABLE_SIMD256"); - if target_arch == "aarch64" && !disable_simd128 { + let simd128_possible = target_arch == "aarch64"; + if (simd128_possible || enable_simd128) && !disable_simd128 { // We enable simd128 on all aarch64 builds. println!("cargo:rustc-cfg=feature=\"simd128\""); } - if target_arch == "x86_64" && !disable_simd256 { + let simd126_possible = target_arch == "x86_64"; + if (simd126_possible || enable_simd256) && !disable_simd256 { // We enable simd256 on all x86_64 builds. // Note that this doesn't mean the required CPU features are available. // But the compiler will support them and the runtime checks ensure that @@ -26,3 +25,10 @@ fn main() { println!("cargo:rustc-cfg=feature=\"simd256\""); } } + +fn read_env(key: &str) -> bool { + match env::var(key) { + Ok(s) => s == "1" || s == "y" || s == "Y", + Err(_) => false, + } +} diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 42379f871..42a95a52d 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -274,10 +274,10 @@ pub mod portable { /// /// Feature `simd128` enables the implementations in this module. pub mod neon { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] use crate::generic_keccak::keccak; - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] #[inline(always)] fn keccakx2(data: [&[u8]; 2], out: [&mut [u8]; 2]) { keccak::<2, crate::simd::arm64::uint64x2_t, RATE, DELIM>(data, out) @@ -287,9 +287,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn sha224(digest: &mut [u8], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; 28]; keccakx2::<144, 0x06u8>([data, data], [digest, &mut dummy]); @@ -300,9 +300,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn sha256(digest: &mut [u8], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; 32]; keccakx2::<136, 0x06u8>([data, data], [digest, &mut dummy]); @@ -313,9 +313,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn sha384(digest: &mut [u8], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; 48]; keccakx2::<104, 0x06u8>([data, data], [digest, &mut dummy]); @@ -326,9 +326,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn sha512(digest: &mut [u8], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; 64]; keccakx2::<72, 0x06u8>([data, data], [digest, &mut dummy]); @@ -339,9 +339,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn shake128(digest: &mut [u8; LEN], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; LEN]; keccakx2::<168, 0x1fu8>([data, data], [digest, &mut dummy]); @@ -352,9 +352,9 @@ pub mod neon { #[allow(unused_variables)] #[inline(always)] pub fn shake256(digest: &mut [u8; LEN], data: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] { let mut dummy = [0u8; LEN]; keccakx2::<136, 0x1fu8>([data, data], [digest, &mut dummy]); @@ -363,7 +363,7 @@ pub mod neon { /// Performing 2 operations in parallel pub mod x2 { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] use super::*; /// Run SHAKE256 on both inputs in parallel. @@ -373,9 +373,9 @@ pub mod neon { #[inline(always)] pub fn shake256(input0: &[u8], input1: &[u8], out0: &mut [u8], out1: &mut [u8]) { // TODO: make argument ordering consistent - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] keccakx2::<136, 0x1fu8>([input0, input1], [out0, out1]); } @@ -414,19 +414,19 @@ pub mod neon { /// An incremental API to perform 2 operations in parallel pub mod incremental { - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] use crate::generic_keccak::{ absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState, }; - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] pub struct KeccakState2 { state: KeccakState<2, crate::simd::arm64::uint64x2_t>, } - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] type KeccakState2Internal = KeccakState<2, crate::simd::arm64::uint64x2_t>; #[allow(dead_code)] - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] pub struct KeccakState2 { state: [crate::portable::KeccakState1; 2], } @@ -434,7 +434,7 @@ pub mod neon { /// Initialise the `KeccakState2`. #[inline(always)] pub fn shake128_init() -> KeccakState2 { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation @@ -443,7 +443,7 @@ pub mod neon { // let s1 = KeccakState1::new(); // [s0, s1] // } - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] KeccakState2 { state: KeccakState2Internal::new(), } @@ -452,7 +452,7 @@ pub mod neon { #[inline(always)] #[allow(unused_variables)] pub fn shake128_absorb_final(s: &mut KeccakState2, data0: &[u8], data1: &[u8]) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation @@ -461,7 +461,7 @@ pub mod neon { // shake128_absorb_final(&mut s0, data0); // shake128_absorb_final(&mut s1, data1); // } - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] absorb_final::<2, crate::simd::arm64::uint64x2_t, 168, 0x1fu8>( &mut s.state, [data0, data1], @@ -503,7 +503,7 @@ pub mod neon { out0: &mut [u8], out1: &mut [u8], ) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation @@ -512,7 +512,7 @@ pub mod neon { // shake128_squeeze_first_three_blocks(&mut s0, out0); // shake128_squeeze_first_three_blocks(&mut s1, out1); // } - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] squeeze_first_three_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( &mut s.state, [out0, out1], @@ -582,7 +582,7 @@ pub mod neon { out0: &mut [u8], out1: &mut [u8], ) { - #[cfg(not(all(feature = "simd128", target_arch = "aarch64")))] + #[cfg(not(feature = "simd128"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation @@ -591,7 +591,7 @@ pub mod neon { // shake128_squeeze_next_block(&mut s0, out0); // shake128_squeeze_next_block(&mut s1, out1); // } - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(feature = "simd128")] squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 168>( &mut s.state, [out0, out1], @@ -660,7 +660,7 @@ pub mod avx2 { /// Performing 4 operations in parallel pub mod x4 { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] use crate::generic_keccak::keccak; /// Perform 4 SHAKE256 operations in parallel @@ -676,11 +676,11 @@ pub mod avx2 { out2: &mut [u8], out3: &mut [u8], ) { - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation - // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + // #[cfg(feature = "simd128")] // { // keccakx2::<136, 0x1fu8>([input0, input1], [out0, out1]); // keccakx2::<136, 0x1fu8>([input2, input3], [out2, out3]); @@ -691,7 +691,7 @@ pub mod avx2 { // keccakx1::<136, 0x1fu8>([input2], [out2]); // keccakx1::<136, 0x1fu8>([input3], [out3]); // } - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] keccak::<4, core::arch::x86_64::__m256i, 136, 0x1fu8>( [input0, input1, input2, input3], [out0, out1, out2, out3], @@ -760,40 +760,37 @@ pub mod avx2 { /// An incremental API to perform 4 operations in parallel pub mod incremental { - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] use crate::generic_keccak::{ absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState, }; - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] pub struct KeccakState4 { state: KeccakState<4, core::arch::x86_64::__m256i>, } #[allow(dead_code)] - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + #[cfg(all(feature = "simd128", not(feature = "simd256")))] pub struct KeccakState4 { state: [crate::neon::x2::incremental::KeccakState2; 2], } - #[cfg(not(any( - all(feature = "simd256", target_arch = "x86_64"), - all(feature = "simd128", target_arch = "aarch64") - )))] + #[cfg(not(any(feature = "simd256", feature = "simd128")))] pub type KeccakState4 = [crate::portable::KeccakState1; 4]; /// Initialise the [`KeccakState4`]. #[inline(always)] pub fn shake128_init() -> KeccakState4 { - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation - // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + // #[cfg(feature = "simd128")] // { // let s0 = KeccakState2::new(); // let s1 = KeccakState2::new(); // [s0, s1] // } - // #[cfg(not(any(all(feature = "simd128", target_arch = "aarch64"), all(feature = "simd256", target_arch = "x86_64"))))] + // #[cfg(not(any(feature = "simd128", feature = "simd256")))] // { // let s0 = KeccakState1::new(); // let s1 = KeccakState1::new(); @@ -801,7 +798,7 @@ pub mod avx2 { // let s3 = KeccakState1::new(); // [s0, s1, s2, s3] // } - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] KeccakState4 { state: KeccakState::new(), } @@ -816,11 +813,11 @@ pub mod avx2 { data2: &[u8], data3: &[u8], ) { - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation - // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + // #[cfg(feature = "simd128")] // { // let [mut s0, mut s1] = s; // absorb_final::<2, crate::simd::arm64::uint64x2_t, 168, 0x1fu8>( @@ -832,7 +829,7 @@ pub mod avx2 { // [data2, data3], // ); // } - // #[cfg(not(any(all(feature = "simd128", target_arch = "aarch64"), all(feature = "simd256", target_arch = "x86_64"))))] + // #[cfg(not(any(feature = "simd128", feature = "simd256")))] // { // let [mut s0, mut s1, mut s2, mut s3] = s; // shake128_absorb_final(&mut s0, data0); @@ -840,7 +837,7 @@ pub mod avx2 { // shake128_absorb_final(&mut s2, data2); // shake128_absorb_final(&mut s3, data3); // } - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] absorb_final::<4, core::arch::x86_64::__m256i, 168, 0x1fu8>( &mut s.state, [data0, data1, data2, data3], @@ -888,11 +885,11 @@ pub mod avx2 { out2: &mut [u8], out3: &mut [u8], ) { - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation - // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + // #[cfg(feature = "simd128")] // { // let [mut s0, mut s1] = s; // squeeze_first_three_blocks::<2, crate::simd::arm64::uint64x2_t, 168>( @@ -904,7 +901,7 @@ pub mod avx2 { // [out2, out3], // ); // } - // #[cfg(not(any(all(feature = "simd128", target_arch = "aarch64"), all(feature = "simd256", target_arch = "x86_64"))))] + // #[cfg(not(any(feature = "simd128", feature = "simd256")))] // { // let [mut s0, mut s1, mut s2, mut s3] = s; // shake128_squeeze_first_three_blocks(&mut s0, out0); @@ -912,7 +909,7 @@ pub mod avx2 { // shake128_squeeze_first_three_blocks(&mut s2, out2); // shake128_squeeze_first_three_blocks(&mut s3, out3); // } - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] squeeze_first_three_blocks::<4, core::arch::x86_64::__m256i, 168>( &mut s.state, [out0, out1, out2, out3], @@ -982,11 +979,11 @@ pub mod avx2 { out2: &mut [u8], out3: &mut [u8], ) { - #[cfg(not(all(feature = "simd256", target_arch = "x86_64")))] + #[cfg(not(feature = "simd256"))] unimplemented!("The target architecture does not support neon instructions."); // XXX: These functions could alternatively implement the same with // the portable implementation - // #[cfg(all(feature = "simd128", target_arch = "aarch64"))] + // #[cfg(feature = "simd128")] // { // let [mut s0, mut s1] = s; // squeeze_next_block::<2, crate::simd::arm64::uint64x2_t, 168>( @@ -998,7 +995,7 @@ pub mod avx2 { // [out2, out3], // ); // } - // #[cfg(not(any(all(feature = "simd128", target_arch = "aarch64"), all(feature = "simd256", target_arch = "x86_64"))))] + // #[cfg(not(any(feature = "simd128", feature = "simd256")))] // { // let [mut s0, mut s1, mut s2, mut s3] = s; // shake128_squeeze_next_block(&mut s0, out0); @@ -1006,7 +1003,7 @@ pub mod avx2 { // shake128_squeeze_next_block(&mut s2, out2); // shake128_squeeze_next_block(&mut s3, out3); // } - #[cfg(all(feature = "simd256", target_arch = "x86_64"))] + #[cfg(feature = "simd256")] squeeze_next_block::<4, core::arch::x86_64::__m256i, 168>( &mut s.state, [out0, out1, out2, out3], From bf04d417302ab5f6608479124fc7cd0d8da25372 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 15:39:11 -0700 Subject: [PATCH 11/74] Improved bundling --- libcrux-ml-kem/c.yaml | 106 +++++++++++++------ libcrux-ml-kem/c/libcrux_platform.c | 8 ++ libcrux-ml-kem/src/ind_cca/instantiations.rs | 2 +- libcrux-ml-kem/src/vector.rs | 34 +++--- 4 files changed, 103 insertions(+), 47 deletions(-) create mode 100644 libcrux-ml-kem/c/libcrux_platform.c diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 83cf038bf..72fa642cd 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -106,7 +106,7 @@ files: - [libcrux_sha3, "*"] inline_static: true - # MLKEM + # MLKEM: HASH FUNCTIONS (as used by mlkem) - name: libcrux_mlkem_neon api: @@ -132,6 +132,25 @@ files: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] + # This covers slightly more than the two bundles above, but this greatly + # simplifies our lives. + - name: libcrux_mlkem_portable + api: + - [libcrux_ml_kem, vector, "*"] + - [libcrux_ml_kem, hash_functions, portable, "*"] + private: + patterns: + - [ libcrux_ml_kem, polynomial, "*" ] + monomorphizations_using: + - [ libcrux_ml_kem, polynomial, "*" ] + - [libcrux_ml_kem, vector, "*"] + - [libcrux_ml_kem, hash_functions, portable, "*"] + monomorphizations_of: + - [ libcrux_ml_kem, polynomial, "*" ] + - [libcrux_ml_kem, vector, "*"] + - [libcrux_ml_kem, hash_functions, portable, "*"] + + # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core private: monomorphizations_of: @@ -159,24 +178,7 @@ files: api: - [Eurydice, "*"] - - name: libcrux_polynomial - private: - patterns: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ libcrux_ml_kem, vector, "*" ] - monomorphizations_of: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ libcrux_ml_kem, vector, "*" ] - monomorphizations_using: - - [ libcrux_ml_kem, polynomial, "*" ] - - [ libcrux_ml_kem, vector, traits, "*" ] - - - name: libcrux_mlkem_sha3_avx2 - private: - monomorphizations_using: - - [libcrux_ml_kem, hash_functions, avx2, "*"] - api: - - [libcrux_ml_kem, hash_functions, avx2, "*"] + # MLKEM-512 - name: libcrux_mlkem512_avx2 api: @@ -187,6 +189,15 @@ files: - [libcrux_ml_kem, mlkem512, avx2] - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - name: libcrux_mlkem512_neon + api: + patterns: + - [libcrux_ml_kem, mlkem512, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] + monomorphizations_of: + - [libcrux_ml_kem, mlkem512, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] + - name: libcrux_mlkem512_portable api: patterns: @@ -200,6 +211,8 @@ files: api: - [libcrux_ml_kem, mlkem512] + # MLKEM-768 + - name: libcrux_mlkem768_avx2 api: patterns: @@ -209,6 +222,15 @@ files: - [libcrux_ml_kem, mlkem768, avx2] - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - name: libcrux_mlkem768_neon + api: + patterns: + - [libcrux_ml_kem, mlkem768, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] + monomorphizations_of: + - [libcrux_ml_kem, mlkem768, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] + - name: libcrux_mlkem768_portable api: patterns: @@ -222,34 +244,50 @@ files: api: - [libcrux_ml_kem, mlkem768] + # MLKEM-1024 + - name: libcrux_mlkem1024_avx2 api: - - [libcrux_ml_kem, mlkem1024, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + patterns: + - [libcrux_ml_kem, mlkem1024, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + monomorphizations_of: + - [libcrux_ml_kem, mlkem1024, avx2] + - [libcrux_ml_kem, ind_cca, instantiations, avx2] + + - name: libcrux_mlkem1024_neon + api: + patterns: + - [libcrux_ml_kem, mlkem1024, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] + monomorphizations_of: + - [libcrux_ml_kem, mlkem1024, neon] + - [libcrux_ml_kem, ind_cca, instantiations, neon] - name: libcrux_mlkem1024_portable api: - - [libcrux_ml_kem, mlkem1024, portable] - - [libcrux_ml_kem, ind_cca, instantiations, portable] + patterns: + - [libcrux_ml_kem, mlkem1024, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] + monomorphizations_of: + - [libcrux_ml_kem, mlkem1024, portable] + - [libcrux_ml_kem, ind_cca, instantiations, portable] - name: libcrux_mlkem1024 api: - [libcrux_ml_kem, mlkem1024] + # Multiplexing API. + - name: libcrux_mlkem_multiplexing - private: - - [libcrux_ml_kem, ind_cca, multiplexing] + api: + patterns: + - [libcrux_ml_kem, ind_cca, multiplexing] inline_static: true - - name: libcrux_mlkem_ind_cca + # Just a few constants not caught by anything above. Most likely can go into + # core or polynomial (TODO: try it). + - name: libcrux_mlkem_common private: - - [libcrux_ml_kem, ind_cca] - [libcrux_ml_kem, "*"] inline_static: true - - # # Just a few constants not caught by anything above. Most likely can go into - # # core or polynomial (TODO: try it). - # - name: libcrux_mlkem_common - # private: - # - [libcrux_ml_kem, "*"] - # inline_static: true diff --git a/libcrux-ml-kem/c/libcrux_platform.c b/libcrux-ml-kem/c/libcrux_platform.c new file mode 100644 index 000000000..b1f487d73 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_platform.c @@ -0,0 +1,8 @@ +// HAND-WRITTEN FILE + +#include + +bool libcrux_platform_platform_simd256_support(void) { + // TODO: query cpuid and cache the results!! + return true; +} diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 0df88acef..72f17a93a 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -133,7 +133,7 @@ macro_rules! instantiate { } // Portable generic implementations. -instantiate! {portable, crate::vector::PortableVector, crate::hash_functions::portable::PortableHash} +instantiate! {portable, crate::vector::portable::PortableVector, crate::hash_functions::portable::PortableHash} // AVX2 generic implementation. #[cfg(feature = "simd256")] diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index ceae95450..bc7cc7c0e 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -203,28 +203,36 @@ pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement } -#[derive(Clone, Copy)] -pub struct PortableVector { - elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], +pub(crate) mod portable { + + use super::*; + + #[derive(Clone, Copy)] + pub(crate) struct PortableVector { + pub(crate) elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], + } + } +use portable::*; + #[allow(non_snake_case)] #[inline(always)] -fn zero() -> PortableVector { +pub fn zero() -> PortableVector { PortableVector { elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], } } #[inline(always)] -fn from_i16_array(array: &[i16]) -> PortableVector { +pub fn from_i16_array(array: &[i16]) -> PortableVector { PortableVector { elements: array[0..16].try_into().unwrap(), } } #[inline(always)] -fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { +pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { lhs.elements[i] += rhs.elements[i]; } @@ -233,7 +241,7 @@ fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { } #[inline(always)] -fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { +pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { lhs.elements[i] -= rhs.elements[i]; } @@ -242,7 +250,7 @@ fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { } #[inline(always)] -fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { +pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] *= c; } @@ -251,7 +259,7 @@ fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { } #[inline(always)] -fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { +pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] &= c; } @@ -260,7 +268,7 @@ fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { } #[inline(always)] -fn shift_right(mut v: PortableVector) -> PortableVector { +pub fn shift_right(mut v: PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] = v.elements[i] >> SHIFT_BY; } @@ -269,7 +277,7 @@ fn shift_right(mut v: PortableVector) -> PortableVector { } // #[inline(always)] -// fn shift_left(mut lhs: PortableVector) -> PortableVector { +// pub fn shift_left(mut lhs: PortableVector) -> PortableVector { // for i in 0..FIELD_ELEMENTS_IN_VECTOR { // lhs.elements[i] = lhs.elements[i] << SHIFT_BY; // } @@ -278,7 +286,7 @@ fn shift_right(mut v: PortableVector) -> PortableVector { // } #[inline(always)] -fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { +pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { debug_assert!(v.elements[i] >= 0 && v.elements[i] < 4096); if v.elements[i] >= 3329 { @@ -288,6 +296,8 @@ fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { v } +use portable::*; + /// Signed Barrett Reduction /// /// Given an input `value`, `barrett_reduce` outputs a representative `result` From 9304e0ebec8d43aaa86fd63cdef8df170f02483b Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 15:50:08 -0700 Subject: [PATCH 12/74] Seems to do proper packaging on neon, at least --- libcrux-ml-kem/c/CMakeLists.txt | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 939dc09e9..ce387e474 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -42,12 +42,12 @@ file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_portable.c ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c ) -# file(GLOB VEC128_SOURCES -# ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_neon.c -# ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_neon.c -# ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_neon.c -# ${PROJECT_SOURCE_DIR}/libcrux_sha3_neon.c -# ) +file(GLOB SOURCES_vec128 + ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_neon.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_neon.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_neon.c + ${PROJECT_SOURCE_DIR}/libcrux_sha3_neon.c +) file(GLOB SOURCES_vec256 ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_avx2.c @@ -65,12 +65,20 @@ add_library(ml_kem SHARED ${SOURCES}) add_library(ml_kem_static STATIC ${SOURCES}) # if(LIBCRUX_VEC256) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 +# add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) +# target_sources(ml_kem_static PRIVATE $) +# target_sources(ml_kem PRIVATE $) +# target_compile_options(ml_kem_vec256 PRIVATE +# -mavx +# -mavx2 +# ) +# endif() + +# if(LIBCRUX_VEC128) +add_library(ml_kem_vec128 OBJECT ${SOURCES_vec128}) +target_sources(ml_kem_static PRIVATE $) +target_sources(ml_kem PRIVATE $) +target_compile_options(ml_kem_vec128 PRIVATE ) # endif() From e0d26d24ebb9e552fcb828283fb16dfaa3f1508f Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 15:50:21 -0700 Subject: [PATCH 13/74] With the freshly-generated C --- libcrux-ml-kem/c/eurydice_glue.h | 296 + libcrux-ml-kem/c/internal/libcrux_core.h | 256 + .../c/internal/libcrux_mlkem_neon.h | 94 + .../c/internal/libcrux_mlkem_portable.h | 98 + .../c/internal/libcrux_sha3_internal.h | 286 + libcrux-ml-kem/c/libcrux_core.c | 467 + libcrux-ml-kem/c/libcrux_core.h | 175 + libcrux-ml-kem/c/libcrux_mlkem1024.c | 203 + libcrux-ml-kem/c/libcrux_mlkem1024.h | 104 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 77 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 45 + libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 77 + libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 45 + libcrux-ml-kem/c/libcrux_mlkem512.c | 203 + libcrux-ml-kem/c/libcrux_mlkem512.h | 104 + libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 223 + libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 113 + libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 223 + libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 113 + libcrux-ml-kem/c/libcrux_mlkem768.c | 203 + libcrux-ml-kem/c/libcrux_mlkem768.h | 104 + libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 77 + libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 45 + libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 77 + libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 45 + libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9690 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_neon.h | 418 + libcrux-ml-kem/c/libcrux_mlkem_portable.c | 8858 +++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_portable.h | 418 + libcrux-ml-kem/c/libcrux_platform.h | 26 + libcrux-ml-kem/c/libcrux_sha3.h | 118 + libcrux-ml-kem/c/libcrux_sha3_avx2.c | 123 + libcrux-ml-kem/c/libcrux_sha3_avx2.h | 75 + libcrux-ml-kem/c/libcrux_sha3_internal.h | 3003 +++++ libcrux-ml-kem/c/libcrux_sha3_neon.c | 3689 +++++++ libcrux-ml-kem/c/libcrux_sha3_neon.h | 71 + 36 files changed, 30242 insertions(+) create mode 100644 libcrux-ml-kem/c/eurydice_glue.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_core.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_internal.h create mode 100644 libcrux-ml-kem/c/libcrux_core.c create mode 100644 libcrux-ml-kem/c/libcrux_core.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_portable.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_portable.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_portable.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_portable.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_portable.h create mode 100644 libcrux-ml-kem/c/libcrux_platform.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_internal.h create mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_sha3_neon.h diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h new file mode 100644 index 000000000..f798f970b --- /dev/null +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -0,0 +1,296 @@ +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "krml/internal/target.h" +#include "krml/lowstar_endianness.h" + +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + +// SLICES, ARRAYS, ETC. + +// We represent a slice as a pair of an (untyped) pointer, along with the length +// of the slice, i.e. the number of elements in the slice (this is NOT the +// number of bytes). This design choice has two important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* +// performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the +// type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you +// need to multiply it +// by sizeof t, where t is the type of the elements. +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x +// (included), and an end index in x (excluded). The argument x must be suitably +// cast to something that can decay (see remark above about how pointer +// arithmetic works in C), meaning either pointer or array type. +#define EURYDICE_SLICE(x, start, end) \ + ((Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) +#define EURYDICE_SLICE_LEN(s, _) s.len +// This macro is a pain because in case the dereferenced element type is an +// array, you cannot simply write `t x` as it would yield `int[4] x` instead, +// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that +// adds an extra argument to this macro at the last minute so that we have the +// correct type of *pointers* to elements. +#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ + EURYDICE_SLICE((t *)s.ptr, r.start, r.end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ + EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ + EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t, _ret_t) \ + EURYDICE_SLICE(x, 0, \ + end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ + EURYDICE_SLICE((t *)x, r.start, r.end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ + EURYDICE_SLICE((t *)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ + EURYDICE_SLICE((t *)x, r, size) +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ + ERROR "should've been desugared" +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ + memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ + ((Eurydice_slice){.ptr = ptr_, .len = len_}) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define core_array_TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ + (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq \ + Eurydice_array_eq + +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + ((ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + ((ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ + .len = slice.len - mid}}) + +// Can't have a flexible array as a member of a union -- this violates strict +// aliasing rules. +typedef struct { + uint8_t tag; + uint8_t case_Ok[]; +} result_tryfromslice_flexible; + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ + Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, \ + sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, + Eurydice_slice src, size_t sz) { + dst->tag = 0; + memcpy(dst->case_Ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + uint32_t x = htobe32(src); + memcpy(dst, &x, 4); +} + +static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { + store64_le(buf, v); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + return load64_le(buf); +} + +static inline int64_t +core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { + return x; +} + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { + return __builtin_popcount(x0); +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { + return x + y; +} +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { + return x - y; +} + +static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, + int32_t *x1) { + *x0 = *x0 + *x1; +} + +static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { + return (*p) & v; +} +static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { + return (*p) >> v; +} + +// ITERATORS + +#define core_num_nonzero_NonZeroUsize size_t +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ + Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ + Eurydice_into_iter + +typedef struct { + Eurydice_slice slice; + size_t chunk_size; +} Eurydice_chunks; + +// Can't use macros Eurydice_slice_subslice_{to,from} because they require a +// type, and this static inline function cannot receive a type as an argument. +// Instead, we receive the element size and use it to peform manual offset +// computations rather than going through the macros. +static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, + size_t element_size) { + size_t chunk_size = chunks->slice.len >= chunks->chunk_size + ? chunks->chunk_size + : chunks->slice.len; + Eurydice_slice curr_chunk = + ((Eurydice_slice){.ptr = chunks->slice.ptr, .len = chunk_size}); + chunks->slice = ((Eurydice_slice){ + .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, + .len = chunks->slice.len - chunk_size}); + return curr_chunk; +} + +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ + .chunk_size = sz_}) +#define core_slice_iter_Chunks Eurydice_chunks +#define core_slice_iter_ChunksExact Eurydice_chunks +#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( \ + iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ + .f0 = chunk_next(iter, sizeof(t))})) +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) + +typedef struct { + Eurydice_slice s; + size_t index; +} Eurydice_slice_iterator; + +#define core_slice___Slice_T___iter(x, t, _ret_t) \ + ((Eurydice_slice_iterator){.s = x, .index = 0}) +#define core_slice_iter_Iter Eurydice_slice_iterator +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) + +// STRINGS + +typedef const char *Prims_string; + +// MISC (UNTESTED) + +typedef void *core_fmt_Formatter; +typedef void *core_fmt_Arguments; +typedef void *core_fmt_rt_Argument; +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ + NULL + +// VECTORS (ANCIENT, POSSIBLY UNTESTED) + +/* For now these are passed by value -- three words. We could conceivably change + * the representation to heap-allocate this struct and only pass around the + * pointer (one word). */ +typedef struct { + void *ptr; + size_t len; /* the number of elements */ + size_t alloc_size; /* the size of the allocation, in number of BYTES */ +} Eurydice_vec_s, *Eurydice_vec; + +/* Here, we set everything to zero rather than use a non-standard GCC + * statement-expression -- this suitably initializes ptr to NULL and len and + * size to 0. */ +#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size / sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? */ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX / 2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t *)v->ptr)[v->len] = x; \ + v->len++; \ + } while (0) + +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ + } while (0) + +#define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] +#define EURYDICE_VEC_LEN(v, t) (v)->len + +/* TODO: remove GCC-isms */ +#define EURYDICE_BOX_NEW(x, t) \ + ({ \ + t *p = malloc(sizeof(t)); \ + *p = x; \ + p; \ + }) + +#define EURYDICE_REPLACE(ptr, new_v, t) \ + ({ \ + t old_v = *ptr; \ + *ptr = new_v; \ + old_v; \ + }) + +#if defined(__cplusplus) +} +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h new file mode 100644 index 000000000..6deb05bb9 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -0,0 +1,256 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_core_H +#define __internal_libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_core.h" +#include "eurydice_glue.h" + +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); + +extern core_fmt_Arguments +core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); + +#define CORE_NUM__U32_8__BITS (32U) + +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); + +#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +); + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) + +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) + +#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) + +libcrux_ml_kem_types_MlKemPublicKey____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +); + +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s +{ + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} +K___uint8_t_1536size_t__uint8_t_1568size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); + +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +); + +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s +{ + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} +K___uint8_t_1152size_t__uint8_t_1184size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); + +typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + +typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; + +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +); + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +); + +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s +{ + uint8_t fst[768U]; + uint8_t snd[800U]; +} +K___uint8_t_768size_t__uint8_t_800size_t_; + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +); + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +); + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s +{ + core_option_Option__size_t_tags tag; + Eurydice_slice f0; +} +core_option_Option__Eurydice_slice_uint8_t; + +typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + int16_t case_Ok[16U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +); + +typedef struct K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s +{ + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} +K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..5a3e6df8f --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -0,0 +1,94 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h new file mode 100644 index 000000000..e740ee1d0 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -0,0 +1,98 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_mlkem_portable_H +#define __internal_libcrux_mlkem_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "internal/libcrux_sha3_internal.h" +#include "internal/libcrux_core.h" +#include "../libcrux_mlkem_portable.h" +#include "eurydice_glue.h" + +extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; + +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h new file mode 100644 index 000000000..2471ee04f --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -0,0 +1,286 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_sha3_internal_H +#define __internal_libcrux_sha3_internal_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_sha3_internal.h" +#include "eurydice_glue.h" + +typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_KeccakState1; + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable_incremental_shake128_init(void) +{ + return + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0 +) +{ + Eurydice_slice buf[1U] = { data0 }; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) +{ + size_t uu____0; + switch (mode) + { + case libcrux_sha3_Sha224: + { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = (size_t)64U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +static const +size_t +libcrux_sha3_generic_keccak__PI[24U] = + { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, + (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, + (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, + (size_t)14U, (size_t)15U, (size_t)21U + }; + +static const +size_t +libcrux_sha3_generic_keccak__ROTC[24U] = + { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, + (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, + (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, + (size_t)61U, (size_t)56U, (size_t)14U + }; + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, + (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o20[1U]; + memcpy(o20, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o20, + (size_t)168U); + Eurydice_slice o2[1U]; + memcpy(o2, uu____2.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o30[1U]; + memcpy(o30, uu____2.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o30, + (size_t)168U); + Eurydice_slice o3[1U]; + memcpy(o3, uu____3.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o4[1U]; + memcpy(o4, uu____3.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o4); +} + +static inline void +libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0 +) +{ + Eurydice_slice buf[1U] = { out0 }; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t(s, buf); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self +) +{ + return self[0U]; +} + +static inline uint32_t +libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( + libcrux_sha3_Algorithm v +) +{ + uint32_t uu____0; + switch (v) + { + case libcrux_sha3_Sha224: + { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: + { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: + { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: + { + uu____0 = 4U; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +static inline libcrux_sha3_Algorithm +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) +{ + libcrux_sha3_Algorithm uu____0; + switch (v) + { + case 1U: + { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: + { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: + { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: + { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } + } + return uu____0; +} + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_internal_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c new file mode 100644 index 000000000..8730222c6 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -0,0 +1,467 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_core.h" + +typedef size_t RangeTo__size_t; + +typedef size_t RangeFrom__size_t; + +typedef struct Option__int32_t_s +{ + core_option_Option__size_t_tags tag; + int32_t f0; +} +Option__int32_t; + +typedef struct Option__uint32_t_s +{ + core_option_Option__size_t_tags tag; + uint32_t f0; +} +Option__uint32_t; + +static uint8_t is_non_zero(uint8_t value) +{ + uint16_t value0 = (uint16_t)value; + uint16_t uu____0 = value0; + uint16_t + result = + (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) + >> 8U + & 1U; + return (uint8_t)result; +} + +void +libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, + Eurydice_slice rhs, + uint8_t selector, + uint8_t ret[32U] +) +{ + uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); + uint8_t out[32U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) + { + size_t i0 = i; + uint8_t + uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; + uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); + out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); + } + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uint8_t value[3168U] +) +{ + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t value[1568U] +) +{ + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) +{ + uint8_t out[1600U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____1184size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uint8_t value[1184U] +) +{ + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t value[2400U] +) +{ + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t value[1088U] +) +{ + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self +) +{ + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +{ + uint8_t out[1120U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemPublicKey____800size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uint8_t value[800U] +) +{ + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk +) +{ + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); +} + +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uint8_t value[1632U] +) +{ + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + return lit; +} + +libcrux_ml_kem_types_MlKemCiphertext____768size_t +libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uint8_t value[768U] +) +{ + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); + return lit; +} + +uint8_t +*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self +) +{ + return self->value; +} + +uint8_t +libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + Eurydice_slice lhs, + Eurydice_slice rhs +) +{ + uint8_t r = 0U; + for (size_t i = (size_t)0U; i < (size_t)768U; i++) + { + size_t i0 = i; + uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = + (uint32_t)r + | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + } + return is_non_zero(r); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +{ + uint8_t out[33U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +{ + uint8_t out[34U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); +} + +Eurydice_slice +libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self +) +{ + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) +{ + uint8_t out[800U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + uint8_t *uu____0 = out; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + slice, + uint8_t, + void *); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +void +core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U] +) +{ + if (self.tag == core_result_Ok) + { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +) +{ + if (self.tag == core_result_Ok) + { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); + } + else + { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h new file mode 100644 index 000000000..0df3058ed --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -0,0 +1,175 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_core_H +#define __libcrux_core_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct core_ops_range_Range__size_t_s +{ + size_t start; + size_t end; +} +core_ops_range_Range__size_t; + +extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); + +extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); + +#define core_option_None 0 +#define core_option_Some 1 + +typedef uint8_t core_option_Option__size_t_tags; + +typedef struct core_option_Option__size_t_s +{ + core_option_Option__size_t_tags tag; + size_t f0; +} +core_option_Option__size_t; + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemPublicKey____1568size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } +libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } +libcrux_ml_kem_types_MlKemCiphertext____1568size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } +libcrux_ml_kem_types_MlKemPublicKey____1184size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } +libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } +libcrux_ml_kem_types_MlKemCiphertext____1088size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; + +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } +libcrux_ml_kem_types_MlKemPublicKey____800size_t; + +typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s +{ + core_option_Option__size_t_tags tag; + libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; +} +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; + +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } +libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; + +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s +{ + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; +} +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; + +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } +libcrux_ml_kem_types_MlKemCiphertext____768size_t; + +typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s +{ + libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; + uint8_t snd[32U]; +} +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; + +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + +typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s +{ + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } + val; +} +core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + +void +core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U] +); + +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s +{ + Eurydice_slice fst; + Eurydice_slice snd; +} +K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; + +typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s +{ + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} +K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_core_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c new file mode 100644 index 000000000..806b58c57 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -0,0 +1,203 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem1024.h" + +#include "internal/libcrux_core.h" + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____0); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____0); + } + else + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____0; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____1, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____0; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____1); + } + else if (libcrux_platform_platform_simd128_support()) + { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____2); + return uu____0; + } + else + { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____3); + } + return uu____0; +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + bool uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t(public_key); + return uu____0; + } + else + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key); + } + return uu____0; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h new file mode 100644 index 000000000..8478e2e63 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -0,0 +1,104 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_H +#define __libcrux_mlkem1024_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_platform.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_mlkem512_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) + +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) + +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c new file mode 100644 index 000000000..b86a77759 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -0,0 +1,77 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem1024_neon.h" + +void +libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h new file mode 100644 index 000000000..73b4dfddf --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -0,0 +1,45 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_neon_H +#define __libcrux_mlkem1024_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem512_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c new file mode 100644 index 000000000..989347491 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -0,0 +1,77 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem1024_portable.h" + +void +libcrux_ml_kem_mlkem1024_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h new file mode 100644 index 000000000..3b80960f2 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -0,0 +1,45 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_portable_H +#define __libcrux_mlkem1024_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem512_portable.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_mlkem1024_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c new file mode 100644 index 000000000..30acdca01 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -0,0 +1,203 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem512.h" + +#include "internal/libcrux_core.h" + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____0); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____0); + } + else + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____0; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____1, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____0; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____1); + } + else if (libcrux_platform_platform_simd128_support()) + { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____2); + return uu____0; + } + else + { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____3); + } + return uu____0; +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + bool uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t(public_key); + return uu____0; + } + else + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key); + } + return uu____0; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h new file mode 100644 index 000000000..5141914df --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -0,0 +1,104 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_H +#define __libcrux_mlkem512_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_platform.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_mlkem512_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c new file mode 100644 index 000000000..ee559d69b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -0,0 +1,223 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem512_neon.h" + +#include "internal/libcrux_mlkem_neon.h" + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h new file mode 100644 index 000000000..dc33f9084 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -0,0 +1,113 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_neon_H +#define __libcrux_mlkem512_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +); + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c new file mode 100644 index 000000000..1259ebf65 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -0,0 +1,223 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem512_portable.h" + +#include "internal/libcrux_mlkem_portable.h" + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem512_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); +} + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + return + libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h new file mode 100644 index 000000000..3e5778778 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -0,0 +1,113 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_portable_H +#define __libcrux_mlkem512_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem512_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key +); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key +); + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +); + +bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +void +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c new file mode 100644 index 000000000..7f07572a4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -0,0 +1,203 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768.h" + +#include "internal/libcrux_core.h" + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t uu____0[32U]; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____0); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____0); + } + else + { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + return; + } + memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____0; + if (libcrux_platform_platform_simd256_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____1, + uu____2); + } + else if (libcrux_platform_platform_simd128_support()) + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, + uu____4); + } + else + { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6); + } + return uu____0; +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uint8_t uu____1[64U]; + memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____1); + } + else if (libcrux_platform_platform_simd128_support()) + { + uint8_t uu____2[64U]; + memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____2); + return uu____0; + } + else + { + uint8_t uu____3[64U]; + memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____3); + } + return uu____0; +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + bool uu____0; + if (libcrux_platform_platform_simd256_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key); + } + else if (libcrux_platform_platform_simd128_support()) + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t(public_key); + return uu____0; + } + else + { + uu____0 = + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key); + } + return uu____0; +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h new file mode 100644 index 000000000..aa62f65ff --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -0,0 +1,104 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_H +#define __libcrux_mlkem768_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_platform.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_mlkem512_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +void +libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +void +libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); + +bool +libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key +); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c new file mode 100644 index 000000000..c9dd6730d --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -0,0 +1,77 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768_neon.h" + +void +libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h new file mode 100644 index 000000000..4edf95c59 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -0,0 +1,45 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_neon_H +#define __libcrux_mlkem768_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem512_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c new file mode 100644 index 000000000..e0363174d --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -0,0 +1,77 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768_portable.h" + +void +libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, + ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, + uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) +{ + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); + return + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +) +{ + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; + if + ( + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) + ) + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, + .f0 = public_key + } + ); + } + else + { + uu____0 = + ( + (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None + } + ); + } + return uu____0; +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h new file mode 100644 index 000000000..d5b0efcba --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -0,0 +1,45 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_portable_H +#define __libcrux_mlkem768_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_mlkem512_portable.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c new file mode 100644 index 000000000..c7a62ef71 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -0,0 +1,9690 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_core.h" + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) + } + ); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) +{ + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t + c0 = + libcrux_intrinsics_arm64__vandq_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t + c1 = + libcrux_intrinsics_arm64__vandq_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t + vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, + LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t + vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t + quotient = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, + vec0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + sub = + libcrux_intrinsics_arm64__vmulq_n_s16(quotient, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); + v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high +) +{ + core_core_arch_arm_shared_neon_int16x8_t + k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t + c = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + int16_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + v.low = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, + c); + v.high = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, + c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_int16x8_t + half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t + quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t + shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t + mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t + shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + shifted0, + core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t + shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t + shifted_positive_in_range0 = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) +{ + int16_t uu____0; + switch (coefficient_bits) + { + case 4: + { + uu____0 = (int16_t)15; + break; + } + case 5: + { + uu____0 = (int16_t)31; + break; + } + case 10: + { + uu____0 = (int16_t)1023; + break; + } + case 11: + { + uu____0 = (int16_t)2047; + break; + } + default: + { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c +) +{ + core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t + v_high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); + core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +) +{ + int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t + b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t + b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t + uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t + uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +) +{ + core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t + b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; + core_core_arch_arm_shared_neon_int16x8_t + zeta = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + zetas, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t + a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); + core_core_arch_arm_shared_neon_int16x4_t + uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____0, + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t + a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t + fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, + uu____2, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, + a0, + b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_low = + libcrux_intrinsics_arm64__vmull_s16(uu____3, + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t + a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t + snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, + uu____5, + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t + snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, + a1, + b0)); + core_core_arch_arm_shared_neon_int16x8_t + fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t + fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t + snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, + high0)); + core_core_arch_arm_shared_neon_int16x8_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, + high0)); + uint8_t + indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; + core_core_arch_arm_shared_neon_uint8x16_t + index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), + index)); + core_core_arch_arm_shared_neon_int16x8_t + high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), + index)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +) +{ + return + libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, + rhs, + zeta1, + zeta2, + zeta3, + zeta4); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[2U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t + high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) +{ + core_core_arch_arm_shared_neon_int16x8_t + one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t + low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)0U, + uint8_t, + uint8_t *, + uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t + high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, + (size_t)1U, + uint8_t, + uint8_t *, + uint8_t)); + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, + (int16_t)-7 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t + low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t + high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); + return + ( + (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vandq_s16(high, one) + } + ); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[8U] +) +{ + int16_t + shifter[8U] = + { + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, + (int16_t)12 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifter, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + lowt = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), + shift); + core_core_arch_arm_shared_neon_uint16x8_t + hight = + libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), + shift); + uint64_t + sum0 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t + sum1 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t + sum2 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t + sum3 = + (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) +{ + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t input = core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t ret[16U] +) +{ + int16_t out[16U] = { 0U }; + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, + out, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof (int16_t)); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[10U] +) +{ + uint8_t res[10U] = { 0U }; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = + (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) + | out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = + (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) + | out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)8U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input1, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[20U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)20U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + uint8_t input1[8U] = { 0U }; + uint8_t input2[4U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] = (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); + high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[22U] +) +{ + int16_t input[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); + result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) +{ + uint8_t input0[8U] = { 0U }; + uint8_t input1[8U] = { 0U }; + uint8_t input2[8U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)8U, + input2, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = { 0U }; + int16_t high[8U] = { 0U }; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + low, + int16_t, + Eurydice_slice)); + lit.high = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + high, + int16_t, + Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); +} + +inline void +libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[24U] +) +{ + core_core_arch_arm_shared_neon_int32x4_t + low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, + v.low)); + core_core_arch_arm_shared_neon_int32x4_t + mixt = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + low00, + low10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, + mixt)); + core_core_arch_arm_shared_neon_int64x2_t + low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + low0, + low1, + core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t + high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, + v.high)); + core_core_arch_arm_shared_neon_int32x4_t + mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, + high00, + high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t + high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, + mixt0)); + core_core_arch_arm_shared_neon_int64x2_t + high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, + high0, + high1, + core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = { 0U }; + Eurydice_slice + uu____2 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____3 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____3, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____5 = + Eurydice_array_to_subslice((size_t)24U, + result, + ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____5, + Eurydice_array_to_subslice((size_t)32U, + result32, + ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) +{ + uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; + core_core_arch_arm_shared_neon_uint8x16_t + index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + indexes, + uint8_t, + Eurydice_slice)); + int16_t + shifts[8U] = + { + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, + (int16_t)-4 + }; + core_core_arch_arm_shared_neon_int16x8_t + shift_vec = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, + shifts, + int16_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)16U, + input0, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input0, + uint8_t, + Eurydice_slice)); + uint8_t input1[16U] = { 0U }; + Eurydice_slice + uu____1 = + Eurydice_array_to_subslice((size_t)16U, + input1, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + core_core_arch_arm_shared_neon_uint8x16_t + input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, + input1, + uint8_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t + moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, + mask12)); + core_core_arch_arm_shared_neon_uint16x8_t + moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, + index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t + shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, + mask12)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self +) +{ + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +shift_right___15int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + v.low = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.low, + core_core_arch_arm_shared_neon_int16x8_t); + v.high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, + v.high, + core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +shift_right___15int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + return shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = shift_right___15int32_t0(a); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +typedef struct Simd128Hash_s +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + shake128_state[2U]; +} +Simd128Hash; + +static inline Simd128Hash shake128_init_absorb___4size_t(uint8_t input[4U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___4size_t(Simd128Hash *self, uint8_t ret[4U][504U]) +{ + uint8_t out[4U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = self->shake128_state; + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____5 = &self->shake128_state[1U]; + Eurydice_slice + uu____6 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, + uu____6, + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, uint8_t ret[4U][168U]) +{ + uint8_t out[4U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[4U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) +{ + uint8_t out[4U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out123, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = + core_slice___Slice_T___split_at_mut(out23, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____3, + uu____4, + uu____5, + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____8 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____6, + uu____7, + uu____8, + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; +} +__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); + b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, + &t); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, + &a); + a = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, + &b)); + b = + montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, + zeta_r); + return + ( + (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + tmp0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___10int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___10int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + return compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___11int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___11int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + return compress___11int32_t(v); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___4int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___4int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + return compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + compress___4int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t + compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, + v, + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t + compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t + compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + compressed1, + core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___5int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + core_core_arch_arm_shared_neon_int16x8_t + mask = + libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t + low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t + high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___5int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) +{ + return compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficients = + compress___5int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) +{ + core_core_arch_arm_shared_neon_uint32x4_t + coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32(v, + (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t + decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, + decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + core_core_arch_arm_shared_neon_uint32x4_t + mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t + low00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + low10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t + high00 = + libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + mask16); + core_core_arch_arm_shared_neon_uint32x4_t + high10 = + libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t + uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t + uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = + libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +) +{ + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *);); + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline Simd128Hash shake128_init_absorb___3size_t(uint8_t input[3U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice + uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, + uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___3size_t(Simd128Hash *self, uint8_t ret[3U][504U]) +{ + uint8_t out[3U][504U] = { { 0U } }; + uint8_t extra[504U] = { 0U }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = self->shake128_state; + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____4 = &self->shake128_state[1U]; + Eurydice_slice + uu____5 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, + uu____5, + Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, uint8_t ret[3U][168U]) +{ + uint8_t out[3U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + uint8_t out2[168U] = { 0U }; + uint8_t out3[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, + uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) +{ + uint8_t out[3U][128U] = { { 0U } }; + uint8_t extra[128U] = { 0U }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = + core_slice___Slice_T___split_at_mut(out12, + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____4 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____2, + uu____3, + uu____4, + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); + Eurydice_slice + uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____7 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____5, + uu____6, + uu____7, + Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + coefficient = + compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline Simd128Hash shake128_init_absorb___2size_t(uint8_t input[2U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, + state, + (size_t)2U + * + sizeof ( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + )); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___2size_t(Simd128Hash *self, uint8_t ret[2U][504U]) +{ + uint8_t out[2U][504U] = { { 0U } }; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [504U], + Eurydice_slice), + (size_t)1U, + uint8_t [504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = self->shake128_state; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, + uu____2, + Eurydice_array_to_slice((size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, uint8_t ret[2U][168U]) +{ + uint8_t out[2U][168U] = { { 0U } }; + uint8_t out0[168U] = { 0U }; + uint8_t out1[168U] = { 0U }; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, + uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) +{ + uint8_t out[2U][192U] = { { 0U } }; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [192U], + Eurydice_slice), + (size_t)1U, + uint8_t [192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) +{ + uint8_t out[2U][128U] = { { 0U } }; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = + core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, + out, + uint8_t [128U], + Eurydice_slice), + (size_t)1U, + uint8_t [128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice + uu____3 = + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____1, + uu____2, + uu____3, + Eurydice_array_to_slice((size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), + uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + uint8_t dummy[128U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice + uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, + &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], + &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, + &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256(uu____0, + uu____1, + uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h new file mode 100644 index 000000000..55e374569 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -0,0 +1,418 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_neon.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high +); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v +); + +int16_t +libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta1, + int16_t zeta2 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + int16_t zeta +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3, + int16_t zeta4 +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[2U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + int16_t ret[16U] +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[20U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a +); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result); + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s +{ libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c new file mode 100644 index 000000000..9b58ec04e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -0,0 +1,8858 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_mlkem_portable.h" + +#include "internal/libcrux_sha3_internal.h" +#include "internal/libcrux_core.h" + +const +int16_t +libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = + { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, + (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, + (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, + (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, + (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, + (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, + (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, + (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, + (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, + (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, + (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, + (int16_t)1522, (int16_t)1628 + }; + +inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void) +{ + libcrux_ml_kem_vector_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( + void +) +{ + return libcrux_ml_kem_vector_zero(); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) +{ + libcrux_ml_kem_vector_portable_PortableVector lit; + int16_t ret[16U]; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + int16_t [16U], + void *); + core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, + ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + return lit; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + Eurydice_slice array +) +{ + return libcrux_ml_kem_vector_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +) +{ + return libcrux_ml_kem_vector_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +) +{ + return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) + { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + } + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_PortableVector v +) +{ + return libcrux_ml_kem_vector_cond_subtract_3329(v); +} + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) +{ + int32_t + t = + (int32_t)value + * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); + int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_PortableVector v +) +{ + return libcrux_ml_kem_vector_barrett_reduce(v); +} + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) +{ + int32_t + k = + (int32_t)(int16_t)value + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t + k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + return value_high - c; +} + +inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) +{ + return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + v.elements[i0] = uu____0; + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t r +) +{ + return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +} + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) +{ + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); + v.elements[i0] = (int16_t)uu____0; + } + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_PortableVector v +) +{ + return libcrux_ml_kem_vector_compress_1(v); +} + +inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) +{ + return value & ((1U << (uint32_t)n) - 1U); +} + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +{ + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return + (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, + (uint32_t)compressed); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + v.elements[2U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + v.elements[3U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + v.elements[6U] = v.elements[4U] - t1; + v.elements[4U] = v.elements[4U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + v.elements[7U] = v.elements[5U] - t2; + v.elements[5U] = v.elements[5U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], + zeta2); + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], + zeta2); + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta3); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta3); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + v.elements[4U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + v.elements[5U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + v.elements[6U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + v.elements[7U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t + t3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], + zeta1); + v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t + t4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], + zeta1); + v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t + t5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], + zeta1); + v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t + t6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], + zeta1); + v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta +) +{ + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + v.elements[8U] = v.elements[0U] - t; + v.elements[0U] = v.elements[0U] + t; + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + v.elements[9U] = v.elements[1U] - t0; + v.elements[1U] = v.elements[1U] + t0; + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + v.elements[10U] = v.elements[2U] - t1; + v.elements[2U] = v.elements[2U] + t1; + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + v.elements[11U] = v.elements[3U] - t2; + v.elements[3U] = v.elements[3U] + t2; + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + v.elements[12U] = v.elements[4U] - t3; + v.elements[4U] = v.elements[4U] + t3; + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + v.elements[13U] = v.elements[5U] - t4; + v.elements[5U] = v.elements[5U] + t4; + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + v.elements[14U] = v.elements[6U] - t5; + v.elements[6U] = v.elements[6U] + t5; + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + v.elements[15U] = v.elements[7U] - t6; + v.elements[7U] = v.elements[7U] + t6; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + int16_t a_minus_b = v.elements[2U] - v.elements[0U]; + int16_t + uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); + v.elements[0U] = uu____0; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[2U] = uu____1; + int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; + int16_t + uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); + v.elements[1U] = uu____2; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[3U] = uu____3; + int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; + int16_t + uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); + v.elements[4U] = uu____4; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + v.elements[6U] = uu____5; + int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; + int16_t + uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); + v.elements[5U] = uu____6; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + v.elements[7U] = uu____7; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t + uu____8 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); + v.elements[(size_t)8U + (size_t)0U] = uu____8; + int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + v.elements[(size_t)8U + (size_t)2U] = uu____9; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t + uu____10 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); + v.elements[(size_t)8U + (size_t)1U] = uu____10; + int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + v.elements[(size_t)8U + (size_t)3U] = uu____11; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t + uu____12 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); + v.elements[(size_t)8U + (size_t)4U] = uu____12; + int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + v.elements[(size_t)8U + (size_t)6U] = uu____13; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t + uu____14 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U + + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); + v.elements[(size_t)8U + (size_t)5U] = uu____14; + int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + v.elements[(size_t)8U + (size_t)7U] = uu____15; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1 +) +{ + int16_t a_minus_b = v.elements[4U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[4U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + v.elements[4U] = uu____0; + int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[5U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + v.elements[5U] = uu____1; + int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[6U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + v.elements[6U] = uu____2; + int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[7U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + v.elements[7U] = uu____3; + int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + + (size_t)0U] + + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v.elements[(size_t)8U + (size_t)4U] = uu____4; + int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + + (size_t)1U] + + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + v.elements[(size_t)8U + (size_t)5U] = uu____5; + int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + + (size_t)2U] + + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)6U] = uu____6; + int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + + (size_t)3U] + + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)7U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1 +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta +) +{ + int16_t a_minus_b = v.elements[8U] - v.elements[0U]; + v.elements[0U] = v.elements[0U] + v.elements[8U]; + int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + v.elements[8U] = uu____0; + int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; + v.elements[1U] = v.elements[1U] + v.elements[9U]; + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + v.elements[9U] = uu____1; + int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; + v.elements[2U] = v.elements[2U] + v.elements[10U]; + int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + v.elements[10U] = uu____2; + int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; + v.elements[3U] = v.elements[3U] + v.elements[11U]; + int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + v.elements[11U] = uu____3; + int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; + v.elements[4U] = v.elements[4U] + v.elements[12U]; + int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + v.elements[12U] = uu____4; + int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; + v.elements[5U] = v.elements[5U] + v.elements[13U]; + int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + v.elements[13U] = uu____5; + int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; + v.elements[6U] = v.elements[6U] + v.elements[14U]; + int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + v.elements[14U] = uu____6; + int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; + v.elements[7U] = v.elements[7U] + v.elements[15U]; + int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + v.elements[15U] = uu____7; + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta +) +{ + return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +} + +inline K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +) +{ + int16_t a0 = _.fst; + int16_t a1 = _.snd; + int16_t b0 = _0.fst; + int16_t b1 = _0.snd; + int32_t uu____0 = (int32_t)a0 * (int32_t)b0; + int16_t + uu____1 = + libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 + + + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) + * (int32_t)zeta); + return + ( + (K___int16_t_int16_t){ + .fst = uu____1, + .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 + * (int32_t)b1 + + (int32_t)a1 * (int32_t)b0) + } + ); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + libcrux_ml_kem_vector_portable_PortableVector out = libcrux_ml_kem_vector_zero(); + K___int16_t_int16_t lit0; + lit0.fst = lhs->elements[0U]; + lit0.snd = lhs->elements[1U]; + K___int16_t_int16_t lit1; + lit1.fst = rhs->elements[0U]; + lit1.snd = rhs->elements[1U]; + K___int16_t_int16_t product = libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + out.elements[0U] = product.fst; + out.elements[1U] = product.snd; + K___int16_t_int16_t lit2; + lit2.fst = lhs->elements[2U]; + lit2.snd = lhs->elements[3U]; + K___int16_t_int16_t lit3; + lit3.fst = rhs->elements[2U]; + lit3.snd = rhs->elements[3U]; + K___int16_t_int16_t + product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + out.elements[2U] = product0.fst; + out.elements[3U] = product0.snd; + K___int16_t_int16_t lit4; + lit4.fst = lhs->elements[4U]; + lit4.snd = lhs->elements[5U]; + K___int16_t_int16_t lit5; + lit5.fst = rhs->elements[4U]; + lit5.snd = rhs->elements[5U]; + K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + out.elements[4U] = product1.fst; + out.elements[5U] = product1.snd; + K___int16_t_int16_t lit6; + lit6.fst = lhs->elements[6U]; + lit6.snd = lhs->elements[7U]; + K___int16_t_int16_t lit7; + lit7.fst = rhs->elements[6U]; + lit7.snd = rhs->elements[7U]; + K___int16_t_int16_t + product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + out.elements[6U] = product2.fst; + out.elements[7U] = product2.snd; + K___int16_t_int16_t lit8; + lit8.fst = lhs->elements[(size_t)8U + (size_t)0U]; + lit8.snd = lhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t lit9; + lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; + lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; + K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + out.elements[(size_t)8U + (size_t)0U] = product3.fst; + out.elements[(size_t)8U + (size_t)1U] = product3.snd; + K___int16_t_int16_t lit10; + lit10.fst = lhs->elements[(size_t)8U + (size_t)2U]; + lit10.snd = lhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t lit11; + lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; + lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; + K___int16_t_int16_t + product4 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + out.elements[(size_t)8U + (size_t)2U] = product4.fst; + out.elements[(size_t)8U + (size_t)3U] = product4.snd; + K___int16_t_int16_t lit12; + lit12.fst = lhs->elements[(size_t)8U + (size_t)4U]; + lit12.snd = lhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t lit13; + lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; + lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; + K___int16_t_int16_t + product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + out.elements[(size_t)8U + (size_t)4U] = product5.fst; + out.elements[(size_t)8U + (size_t)5U] = product5.snd; + K___int16_t_int16_t lit14; + lit14.fst = lhs->elements[(size_t)8U + (size_t)6U]; + lit14.snd = lhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t lit; + lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; + lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; + K___int16_t_int16_t + product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + out.elements[(size_t)8U + (size_t)6U] = product6.fst; + out.elements[(size_t)8U + (size_t)7U] = product6.snd; + return out; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +) +{ + return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); +} + +inline void +libcrux_ml_kem_vector_serialize_1( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[2U] +) +{ + uint8_t result[2U] = { 0U }; + KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); + KRML_MAYBE_FOR8(i, + (size_t)8U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] + | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); + memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[2U] +) +{ + uint8_t ret0[2U]; + libcrux_ml_kem_vector_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) +{ + libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); + KRML_MAYBE_FOR8(i, + (size_t)0U, + (size_t)8U, + (size_t)1U, + size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); + for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + } + return result; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_1(a); +} + +inline void +libcrux_ml_kem_vector_serialize_4( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[8U] +) +{ + uint8_t result[8U] = { 0U }; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] + << 4U + | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[8U] +) +{ + uint8_t ret0[8U]; + libcrux_ml_kem_vector_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_portable_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); + uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_4(a); +} + +inline void +libcrux_ml_kem_vector_serialize_5( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[10U] +) +{ + uint8_t result[10U] = { 0U }; + result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); + result[1U] = + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); + result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + result[3U] = + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); + result[5U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) + << 5U + | v.elements[(size_t)8U + (size_t)0U]); + result[6U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) + << 7U + | v.elements[(size_t)8U + (size_t)2U] << 2U) + | v.elements[(size_t)8U + (size_t)1U] >> 3U); + result[7U] = + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | v.elements[(size_t)8U + (size_t)3U] >> 1U); + result[8U] = + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) + << 6U + | v.elements[(size_t)8U + (size_t)5U] << 1U) + | v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)7U] + << 3U + | v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[10U] +) +{ + uint8_t ret0[10U]; + libcrux_ml_kem_vector_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_portable_PortableVector v = libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); + uint8_t + uu____1 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) + << 3U; + uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); + uint8_t + uu____4 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) + << 1U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); + uint8_t + uu____6 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) + << 4U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); + uint8_t + uu____9 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) + << 2U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); + uint8_t + *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); + uint8_t + uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & 3U) + << 3U; + uint8_t + *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); + uint8_t + *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); + uint8_t + uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & 15U) + << 1U; + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t + uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + & 1U) + << 4U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t + *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); + uint8_t + uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & 7U) + << 2U; + uint8_t + *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); + return v; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_5(a); +} + +inline void +libcrux_ml_kem_vector_serialize_10( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[20U] +) +{ + uint8_t result[20U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); + result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); + result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[11U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + result[18U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); + result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[20U] +) +{ + uint8_t ret0[20U]; + libcrux_ml_kem_vector_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; + int16_t + uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; + int16_t + uu____8 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 8U; + uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); + int16_t + uu____10 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 6U; + uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; + int16_t + uu____12 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 4U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; + int16_t + uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; + int16_t + uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 8U; + uint8_t + *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 6U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 4U; + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; + int16_t + uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; + int16_t + uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 8U; + uint8_t + *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); + int16_t + uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 6U; + uint8_t + *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; + int16_t + uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 4U; + uint8_t + *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; + int16_t + uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; + return result; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_10(a); +} + +inline void +libcrux_ml_kem_vector_serialize_11( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[22U] +) +{ + uint8_t result[22U] = { 0U }; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = + (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = + (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = + (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = + (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = + (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = + (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = + (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U + | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[22U] +) +{ + uint8_t ret0[22U]; + libcrux_ml_kem_vector_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); + int16_t + uu____0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) + << 8U; + uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t + uu____2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) + << 5U; + uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t + uu____4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) + << 10U; + int16_t + uu____5 = + uu____4 + | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; + uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t + uu____7 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) + << 7U; + uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t + uu____9 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) + << 4U; + uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t + uu____11 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) + << 9U; + int16_t + uu____12 = + uu____11 + | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; + uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t + uu____14 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) + << 6U; + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t + uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t + uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) + & (int16_t)7) + << 8U; + uint8_t + *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t + uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) + & (int16_t)63) + << 5U; + uint8_t + *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t + uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) + & (int16_t)1) + << 10U; + int16_t + uu____23 = + uu____22 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t + *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t + uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) + & (int16_t)15) + << 7U; + uint8_t + *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t + uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) + & (int16_t)127) + << 4U; + uint8_t + *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t + uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) + & (int16_t)3) + << 9U; + int16_t + uu____30 = + uu____29 + | + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t + *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t + uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) + & (int16_t)31) + << 6U; + uint8_t + *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t + uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) + << 3U; + uint8_t + *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_11(a); +} + +inline void +libcrux_ml_kem_vector_serialize_12( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[24U] +) +{ + uint8_t result[24U] = { 0U }; + result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); + result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); + result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); + result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); + result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); + result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); + result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); + result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); + result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); + result[13U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)0U] + >> 8U + | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); + result[16U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)2U] + >> 8U + | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)4U] + >> 8U + | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); + result[22U] = + (uint8_t)(v.elements[(size_t)8U + + (size_t)6U] + >> 8U + | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[24U] +) +{ + uint8_t ret0[24U]; + libcrux_ml_kem_vector_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) +{ + libcrux_ml_kem_vector_portable_PortableVector re = libcrux_ml_kem_vector_zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t + byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); + int16_t + byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); + re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); + re.elements[3U] = byte5 << 4U | (byte4 >> 4U & (int16_t)15); + re.elements[4U] = (byte7 & (int16_t)15) << 8U | (byte6 & (int16_t)255); + re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); + re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); + re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); + int16_t + byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); + int16_t + byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); + int16_t + byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); + int16_t + byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); + int16_t + byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); + int16_t + byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); + int16_t + byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); + int16_t + byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); + int16_t + byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); + int16_t + byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); + int16_t + byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); + int16_t + byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); + re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); + re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); + re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); + re.elements[11U] = byte17 << 4U | (byte16 >> 4U & (int16_t)15); + re.elements[12U] = (byte19 & (int16_t)15) << 8U | (byte18 & (int16_t)255); + re.elements[13U] = byte20 << 4U | (byte19 >> 4U & (int16_t)15); + re.elements[14U] = (byte22 & (int16_t)15) << 8U | (byte21 & (int16_t)255); + re.elements[15U] = byte23 << 4U | (byte22 >> 4U & (int16_t)15); + return re; +} + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + Eurydice_slice a +) +{ + return libcrux_ml_kem_vector_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result) +{ + size_t sampled = (size_t)0U; + core_slice_iter_Chunks + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, + (size_t)3U, + uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, + core_slice_iter_Chunks); + while (true) + { + core_option_Option__Eurydice_slice_uint8_t + uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, + uint8_t, + core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) + { + break; + } + else + { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____1 = sampled < (size_t)16U; + } + else + { + uu____1 = false; + } + if (uu____1) + { + int16_t uu____2 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; + sampled++; + } + bool uu____3; + if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) + { + uu____3 = sampled < (size_t)16U; + } + else + { + uu____3 = false; + } + if (uu____3) + { + int16_t uu____4 = d2; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; + sampled++; + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +) +{ + return libcrux_ml_kem_vector_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( + libcrux_ml_kem_vector_portable_PortableVector *self +) +{ + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12(bytes); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +shift_right___15int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_portable_PortableVector +to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector a +) +{ + libcrux_ml_kem_vector_portable_PortableVector t = shift_right___15int32_t0(a); + libcrux_ml_kem_vector_portable_PortableVector + fm = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant(t, + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, + &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[384U] +) +{ + uint8_t serialized[384U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)384U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[4U], + uint8_t ret[1536U] +) +{ + uint8_t out[1536U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1536U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, + uint8_t ret[1568U] +) +{ + uint8_t public_key_serialized[1568U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1568U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[4U]; + memcpy(uu____1, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, + public_key_serialized, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[4U]; + memcpy(uu____0, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, + public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +typedef struct PortableHash____4size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } +PortableHash____4size_t; + +static inline PortableHash____4size_t shake128_init_absorb___4size_t(uint8_t input[4U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; + memcpy(uu____1, + state, + (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + PortableHash____4size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][504U]) +{ + uint8_t out[4U][504U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( + uint8_t randomness[4U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void +shake128_squeeze_block___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][168U]) +{ + uint8_t out[4U][168U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( + uint8_t randomness[4U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_slice a) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array(Eurydice_slice_subslice(a, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + size_t sampled_coefficients[4U] = { 0U }; + int16_t out[4U][272U] = { { 0U } }; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + PortableHash____4size_t xof_state = shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U][4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); + KRML_MAYBE_FOR4(i0, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[4U][34U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + fst[4U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) +{ + uint8_t out[4U][128U] = { { 0U } }; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + uu____2 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t + random_bits_as_u32 = + uu____2 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) + { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice randomness +) +{ + int16_t sampled_i16s[256U] = { 0U }; + for + (size_t + i0 = (size_t)0U; + i0 + < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) + { + size_t chunk_number = i0; + Eurydice_slice + byte_chunk = + Eurydice_slice_subslice(randomness, + ( + (core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint32_t + uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t + uu____1 = + uu____0 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; + uint32_t + random_bits_as_u24 = + uu____1 + | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) + { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t + outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return + from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_slice((size_t)256U, + sampled_i16s, + int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector(randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) + { + size_t j = i; + libcrux_ml_kem_vector_portable_PortableVector + t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant(re->coefficients[j + + step], + (int16_t)-1600); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(re->coefficients[j], + &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(re->coefficients[j], + &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct +__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s +{ + libcrux_ml_kem_vector_portable_PortableVector fst; + libcrux_ml_kem_vector_portable_PortableVector snd; +} +__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; + +static libcrux_ml_kem_vector_portable_PortableVector +montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t fer +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(v, + fer); +} + +static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector a, + libcrux_ml_kem_vector_portable_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_portable_PortableVector + t = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector(b, zeta_r); + b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(a, + &t); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, + &t); + return + ( + (__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[4U]; + memcpy(uu____2, + re_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply(&self->coefficients[i0], + &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_portable_PortableVector +to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(v, + LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector(self->coefficients[j]); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[4U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[4U]; + memcpy(uu____4, + t_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[4U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[3168U] +) +{ + uint8_t out[3168U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)3168U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[4U]; + memcpy(uu____2, + error_1, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector a, + libcrux_ml_kem_vector_portable_PortableVector b, + int16_t zeta_r +) +{ + libcrux_ml_kem_vector_portable_PortableVector + a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(b, + &a); + a = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, + &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector(a_minus_b, zeta_r); + return + ( + (__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + .fst = a, + .snd = b + } + ); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + size_t layer +) +{ + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) + { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) + { + size_t j = i; + __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[j], + re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t j = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], + (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static libcrux_ml_kem_vector_portable_PortableVector +decompress_1__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_PortableVector v +) +{ + return + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + uint8_t serialized[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = decompress_1__libcrux_ml_kem_vector_portable_PortableVector(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector + tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector + tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, + &tmp); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, + message, + result); + return result; +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +compress___10int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +compress___11int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return compress___11int32_t(v); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U] +) +{ + uint8_t serialized[352U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)352U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U] +) +{ + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[4U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +compress___4int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +compress___4int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + compress___4int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +compress___5int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int16_t + uu____0 = + libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, + (uint16_t)v.elements[i0]); + v.elements[i0] = uu____0; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +compress___5int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice serialized +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficients = + compress___5int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5(coefficients, + bytes); + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice out +) +{ + compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1536U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[4U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[4U]; + memcpy(error_1, + uu____3.fst, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[4U]; + memcpy(uu____5, + u, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___10int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10(bytes); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); + decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___11int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11(bytes); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1568U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); + decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___4int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4(bytes); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_portable_PortableVector v) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) + { + size_t i0 = i; + int32_t + decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); + decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +static libcrux_ml_kem_vector_portable_PortableVector +decompress_ciphertext_coefficient___5int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) +{ + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_portable_PortableVector + uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) + { + size_t i0 = i; + Eurydice_slice + bytes = + Eurydice_slice_subslice(serialized, + ( + (core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)4U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + b +) +{ + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], + (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR4(i, + (size_t)0U, + (size_t)4U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + uint8_t ret[32U] +) +{ + uint8_t serialized[32U] = { 0U }; + KRML_MAYBE_FOR16(i, + (size_t)0U, + (size_t)16U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1(coefficient_compressed, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)32U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *);); + memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, + ciphertext, + (size_t)1408U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1536U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1568U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1600U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[3U], + uint8_t ret[1152U] +) +{ + uint8_t out[1152U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1152U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, + uint8_t ret[1184U] +) +{ + uint8_t public_key_serialized[1184U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)1184U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[3U]; + memcpy(uu____1, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, + public_key_serialized, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[3U]; + memcpy(uu____0, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, + public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +typedef struct PortableHash____3size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } +PortableHash____3size_t; + +static inline PortableHash____3size_t shake128_init_absorb___3size_t(uint8_t input[3U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + memcpy(uu____1, + state, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + PortableHash____3size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][504U]) +{ + uint8_t out[3U][504U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( + uint8_t randomness[3U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void +shake128_squeeze_block___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][168U]) +{ + uint8_t out[3U][168U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( + uint8_t randomness[3U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + size_t sampled_coefficients[3U] = { 0U }; + int16_t out[3U][272U] = { { 0U } }; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U][3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); + KRML_MAYBE_FOR3(i0, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[3U][34U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + fst[3U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) +{ + uint8_t out[3U][128U] = { { 0U } }; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[3U]; + memcpy(uu____2, + re_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[3U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, + domain_separator).fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[3U]; + memcpy(uu____4, + t_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[3U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[2400U] +) +{ + uint8_t out[2400U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)2400U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[3U]; + memcpy(uu____2, + error_1, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, + message, + result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U] +) +{ + uint8_t serialized[320U] = { 0U }; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + coefficient = + compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11(coefficient, + bytes); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)320U, + serialized, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U] +) +{ + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t(re, + uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[3U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice out +) +{ + compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, + (size_t)1152U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[3U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[3U]; + memcpy(error_1, + uu____3.fst, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[3U]; + memcpy(uu____5, + u, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector(serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)1088U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_slice serialized +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector(serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)3U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR3(i, + (size_t)0U, + (size_t)3U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, + ciphertext, + (size_t)960U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)1152U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)1184U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)1120U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[2U], + uint8_t ret[768U] +) +{ + uint8_t out[768U] = { 0U }; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = key[i0]; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)768U, + out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + } + memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, + uint8_t ret[800U] +) +{ + uint8_t public_key_serialized[800U] = { 0U }; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)800U, + public_key_serialized, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[2U]; + memcpy(uu____1, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, + public_key_serialized, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + seed_for_a, + uint8_t, + void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); +} + +bool +libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[2U]; + memcpy(uu____0, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(uu____0, + Eurydice_array_to_subslice_from((size_t)800U, + public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + public_key_serialized); + return + core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, + public_key, + public_key_serialized, + uint8_t, + uint8_t, + bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) +{ + uint8_t digest[64U] = { 0U }; + libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +typedef struct PortableHash____2size_t_s +{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } +PortableHash____2size_t; + +static inline PortableHash____2size_t shake128_init_absorb___2size_t(uint8_t input[2U][34U]) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; + memcpy(uu____1, + state, + (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + PortableHash____2size_t lit; + memcpy(lit.shake128_state, + uu____1, + (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + return lit; +} + +static inline void +shake128_squeeze_three_blocks___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][504U]) +{ + uint8_t out[2U][504U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( + uint8_t randomness[2U][504U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)504U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static inline void +shake128_squeeze_block___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][168U]) +{ + uint8_t out[2U][168U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + *uu____0 = &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( + uint8_t randomness[2U][168U], + size_t *sampled_coefficients, + int16_t (*out)[272U] +) +{ + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) + { + size_t r = i; + if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)168U, + randomness[i1], + ( + (core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + size_t + sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, + Eurydice_array_to_subslice((size_t)272U, + out[i1], + ( + (core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U + } + ), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) + { + sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } + else + { + done = false; + }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + int16_t s[272U] +) +{ + return + from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, + s, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), + int16_t, + core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + size_t sampled_coefficients[2U] = { 0U }; + int16_t out[2U][272U] = { { 0U } }; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + PortableHash____2size_t xof_state = shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); + bool + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t(uu____1, + sampled_coefficients, + out); + while (true) + { + if (!!done) + { + break; + } + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t(uu____2, + sampled_coefficients, + out); + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); + memcpy(ret, + ret0, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uint8_t seed[34U], + bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U][2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); + KRML_MAYBE_FOR2(i0, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); + uint8_t seeds[2U][34U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, + sampled); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) + { + A_transpose[j][i1] = sample; + } + else + { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, + A_transpose, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U] + )); +} + +typedef struct +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + fst[2U]; + uint8_t snd; +} +__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) +{ + uint8_t out[2U][192U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + Eurydice_slice randomness +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector(randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[2U]; + memcpy(uu____2, + re_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, + self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = matrix_A[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, + &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1], + &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], + &error_as_ntt[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed +) +{ + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + (size_t)32U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, + true, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + memcpy(secret_as_ntt, + uu____2.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[2U]; + memcpy(error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, + domain_separator).fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t(A_transpose, + secret_as_ntt, + error_as_ntt, + t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[2U]; + memcpy(uu____4, + t_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(uu____4, + seed_for_A, + public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[2U]; + memcpy(uu____5, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t(uu____5, + secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + Eurydice_slice private_key, + Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, + uint8_t ret[1632U] +) +{ + uint8_t out[1632U] = { 0U }; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____0, + ( + (core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + private_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____3, + ( + (core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + public_key, + uint8_t, + void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice + uu____6 = + Eurydice_array_to_subslice((size_t)1632U, + out, + ( + (core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice(uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, + void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, + uu____7, + ( + (core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + implicit_rejection_value, + uint8_t, + void *); + memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U] +) +{ + Eurydice_slice + ind_cpa_keypair_randomness = + Eurydice_array_to_subslice((size_t)64U, + randomness, + ( + (core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + Eurydice_slice + implicit_rejection_value = + Eurydice_array_to_subslice_from((size_t)64U, + randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t, + Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ + uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), + implicit_rejection_value, + secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); + return + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(public_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + ring_element = + Eurydice_slice_subslice(public_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy(ret, + deserialized_pk, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + void +) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) +{ + uint8_t out[2U][128U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256(uu____0, + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uint8_t prf_input[33U], + uint8_t domain_separator +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_outputs[i0], + uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[2U]; + memcpy(uu____2, + error_1, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + lit; + memcpy(lit.fst, + uu____2, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) +{ + uint8_t digest[128U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t0(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re +) +{ + size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re, + (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i0 = (size_t)0U; + i0 + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], + size_t); + i0++) + { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *row = a_as_ntt[i1]; + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1], + &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + } + memcpy(ret, + result, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], + &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, + message, + result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[2U], + Eurydice_slice out +) +{ + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, + input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) + { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = input[i0]; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out, + ( + (core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t(&re, + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, + (size_t)768U, + uint8_t, + size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice + seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, + false, + A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, + 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[2U]; + memcpy(r_as_ntt, + uu____1.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, + domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[2U]; + memcpy(error_1, + uu____3.fst, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, + prf_input, + uint8_t, + Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, + prf_output, + uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t(A_transpose, + r_as_ntt, + error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t(t_as_ntt, + r_as_ntt, + &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = { 0U }; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[2U]; + memcpy(uu____5, + u, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t(uu____6, + Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U] +) +{ + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + randomness, + uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice_from((size_t)64U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + size_t, + Eurydice_slice); + uint8_t ret[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + uint8_t hashed[64U]; + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice + uu____2 = + Eurydice_array_to_slice((size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), + uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, + uu____3, + pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = { 0U }; + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, + shared_secret_array, + uint8_t, + Eurydice_slice), + shared_secret, + uint8_t, + void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t + uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, + ciphertext, + uint8_t, + Eurydice_slice), + uint8_t, + size_t) + / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); + i++) + { + size_t i0 = i; + Eurydice_slice + u_bytes = + Eurydice_array_to_subslice((size_t)768U, + ciphertext, + ( + (core_ops_range_Range__size_t){ + .start = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), + .end = i0 + * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(&u_as_ntt[i0]); + } + memcpy(ret, + u_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t1(void) +{ + return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for + (size_t + i = (size_t)0U; + i + < + core_slice___Slice_T___len(secret_key, + uint8_t, + size_t) + / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) + { + size_t i0 = i; + Eurydice_slice + secret_bytes = + Eurydice_slice_subslice(secret_key, + ( + (core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 + * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy(ret, + secret_as_ntt, + (size_t)2U + * + sizeof ( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + )); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], + &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result); + result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U] +) +{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t(ciphertext, + u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = + deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, + ciphertext, + (size_t)640U, + uint8_t, + size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t(secret_key, + secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&v, + secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) +{ + uint8_t digest[32U] = { 0U }; + libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, + digest, + uint8_t, + Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +} + +void +libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U] +) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, + private_key->value, + uint8_t, + Eurydice_slice), + (size_t)768U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at(secret_key0, + (size_t)800U, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____2 = + core_slice___Slice_T___split_at(secret_key, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, + ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, + decrypted, + uint8_t, + Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice), + ind_cpa_public_key_hash, + uint8_t, + void *); + uint8_t hashed[64U]; + G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____3 = + core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, + hashed, + uint8_t, + Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); + Eurydice_slice + uu____4 = + Eurydice_array_to_subslice_from((size_t)800U, + to_hash, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, + size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), + uint8_t, + void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, + uu____6, + pseudorandomness, + expected_ciphertext); + Eurydice_slice + uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); + uint8_t + selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), + selector, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); +} + diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h new file mode 100644 index 000000000..665a98126 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -0,0 +1,418 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem_portable_H +#define __libcrux_mlkem_portable_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_internal.h" +#include "libcrux_sha3.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) + +typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { int16_t elements[16U]; } +libcrux_ml_kem_vector_portable_PortableVector; + +libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( + void +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + Eurydice_slice array +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_portable_PortableVector v); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_PortableVector v +); + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) + +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_portable_PortableVector v); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_PortableVector v +); + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) + +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); + +int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t c +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t r +); + +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_portable_PortableVector v); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_PortableVector v +); + +uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); + +int16_t +libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta0, + int16_t zeta1 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector v, + int16_t zeta +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_PortableVector a, + int16_t zeta +); + +typedef struct K___int16_t_int16_t_s +{ + int16_t fst; + int16_t snd; +} +K___int16_t_int16_t; + +K___int16_t_int16_t +libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, + K___int16_t_int16_t _0, + int16_t zeta +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_ntt_multiply( + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3 +); + +void +libcrux_ml_kem_vector_serialize_1( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[2U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[2U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_serialize_4( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[8U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[8U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_serialize_5( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[10U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[10U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_serialize_10( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[20U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[20U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_serialize_11( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[22U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[22U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + Eurydice_slice a +); + +void +libcrux_ml_kem_vector_serialize_12( + libcrux_ml_kem_vector_portable_PortableVector v, + uint8_t ret[24U] +); + +void +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_PortableVector a, + uint8_t ret[24U] +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + Eurydice_slice a +); + +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); + +size_t +libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + Eurydice_slice a, + Eurydice_slice out +); + +libcrux_ml_kem_vector_portable_PortableVector +libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( + libcrux_ml_kem_vector_portable_PortableVector *self +); + +typedef struct +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s +{ libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; } +libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_portable_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h new file mode 100644 index 000000000..7a55e8bf5 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_platform_H +#define __libcrux_platform_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_platform_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h new file mode 100644 index 000000000..d7cdba78b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -0,0 +1,118 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_sha3_H +#define __libcrux_sha3_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_sha3_internal.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +static inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); +} + +static inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); +} + +static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); +} + +static inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); +} + +static inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); +} + +static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha224(digest, payload); +} + +static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) +{ + uint8_t out[28U] = { 0U }; + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +} + +static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha256(digest, payload); +} + +static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) +{ + uint8_t out[32U] = { 0U }; + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +} + +static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha384(digest, payload); +} + +static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) +{ + uint8_t out[48U] = { 0U }; + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); +} + +static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) +{ + libcrux_sha3_portable_sha512(digest, payload); +} + +static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) +{ + uint8_t out[64U] = { 0U }; + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), + data); + memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +} + +static inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) +{ + Eurydice_slice buf0[1U] = { data }; + Eurydice_slice buf[1U] = { digest }; + libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); +} + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c new file mode 100644 index 000000000..d7a2ff7c5 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -0,0 +1,123 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_sha3_avx2.h" + +#include "internal/libcrux_core.h" + +inline void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_avx2_x4_incremental_shake128_init(void) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +) +{ + Prims_string + buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; + Eurydice_slice + uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, + Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, + void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); +} + diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h new file mode 100644 index 000000000..1889ad419 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -0,0 +1,75 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_sha3_avx2_H +#define __libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_avx2.h" + +#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +void +libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice input2, + Eurydice_slice input3, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} +libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_avx2_x4_incremental_shake128_init(void); + +void +libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice data0, + Eurydice_slice data1, + Eurydice_slice data2, + Eurydice_slice data3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, + Eurydice_slice out0, + Eurydice_slice out1, + Eurydice_slice out2, + Eurydice_slice out3 +); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h new file mode 100644 index 000000000..f8ef58186 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -0,0 +1,3003 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_sha3_internal_H +#define __libcrux_sha3_internal_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "libcrux_core.h" +#include "eurydice_glue.h" + +static const +uint64_t +libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = + { + 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, + 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, + 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, + 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, + 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL + }; + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) +{ + return 0ULL; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + uint64_t ab = a ^ b; + uint64_t cd = c ^ d; + uint64_t abcd = ab ^ cd; + return abcd ^ e; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + uint64_t a, + uint64_t b, + uint64_t c, + uint64_t d, + uint64_t e +) +{ + return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; +} + +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) +{ + uint64_t uu____0 = a; + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) +{ + return a ^ (b & ~c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + uint64_t a, + uint64_t b, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); +} + +static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) +{ + return a ^ c; +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + uint64_t a, + uint64_t c +) +{ + return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + uint64_t a, + uint64_t b +) +{ + return a ^ b; +} + +static inline void +libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + ret[0U] = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + Eurydice_slice a[1U], + size_t start, + size_t len, + Eurydice_slice ret[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[1U]; + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) +{ + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out[0U], + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; + lit.fst[0U] = out00; + lit.snd[0U] = out01; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + Eurydice_slice a[1U], + size_t mid +) +{ + return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); +} + +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s +{ uint64_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; + +static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t +libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( + void +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; + lit.st[0U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[0U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[1U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[2U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[3U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][0U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][1U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][2U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][3U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + lit.st[4U][4U] = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + return lit; +} + +static inline void +libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline uint64_t +libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) +{ + return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; +} + +static inline uint64_t +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) +{ + uint64_t ab = a ^ b; + return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); +} + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + uint64_t a, + uint64_t b +) +{ + return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], + s->st[1U][0U], + s->st[2U][0U], + s->st[3U][0U], + s->st[4U][0U]); + uint64_t + uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], + s->st[1U][1U], + s->st[2U][1U], + s->st[3U][1U], + s->st[4U][1U]); + uint64_t + uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], + s->st[1U][2U], + s->st[2U][2U], + s->st[3U][2U], + s->st[4U][2U]); + uint64_t + uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], + s->st[1U][3U], + s->st[2U][3U], + s->st[3U][3U], + s->st[4U][3U]); + uint64_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + uint64_t + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U + + (size_t)4U) + % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U + + (size_t)4U) + % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U + + (size_t)4U) + % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t + uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U + + (size_t)4U) + % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U + + (size_t)4U) + % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + uint64_t + uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], + t[0U]); + s->st[0U][0U] = uu____8; + uint64_t + uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], + t[0U]); + s->st[1U][0U] = uu____9; + uint64_t + uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], + t[0U]); + s->st[2U][0U] = uu____10; + uint64_t + uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], + t[0U]); + s->st[3U][0U] = uu____11; + uint64_t + uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], + t[0U]); + s->st[4U][0U] = uu____12; + uint64_t + uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], + t[1U]); + s->st[0U][1U] = uu____13; + uint64_t + uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], + t[1U]); + s->st[1U][1U] = uu____14; + uint64_t + uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], + t[1U]); + s->st[2U][1U] = uu____15; + uint64_t + uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], + t[1U]); + s->st[3U][1U] = uu____16; + uint64_t + uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], + t[1U]); + s->st[4U][1U] = uu____17; + uint64_t + uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], + t[2U]); + s->st[0U][2U] = uu____18; + uint64_t + uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], + t[2U]); + s->st[1U][2U] = uu____19; + uint64_t + uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], + t[2U]); + s->st[2U][2U] = uu____20; + uint64_t + uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], + t[2U]); + s->st[3U][2U] = uu____21; + uint64_t + uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], + t[2U]); + s->st[4U][2U] = uu____22; + uint64_t + uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], + t[3U]); + s->st[0U][3U] = uu____23; + uint64_t + uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], + t[3U]); + s->st[1U][3U] = uu____24; + uint64_t + uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], + t[3U]); + s->st[2U][3U] = uu____25; + uint64_t + uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], + t[3U]); + s->st[3U][3U] = uu____26; + uint64_t + uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], + t[3U]); + s->st[4U][3U] = uu____27; + uint64_t + uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], + t[4U]); + s->st[0U][4U] = uu____28; + uint64_t + uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], + t[4U]); + s->st[1U][4U] = uu____29; + uint64_t + uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], + t[4U]); + s->st[2U][4U] = uu____30; + uint64_t + uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], + t[4U]); + s->st[3U][4U] = uu____31; + uint64_t + uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], + t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void +libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + uint64_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void +libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + uint64_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t i1 = i0; + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t j = i; + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void +libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + size_t i +) +{ + uint64_t + uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], + libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___168size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, + out); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)168U, + (size_t)168U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___104size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)104U, + (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___144size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)144U, + (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 31U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___136size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)136U, + (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)136U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)136U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); +} + +static inline void +libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], + Eurydice_slice blocks[1U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret); + uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + uint64_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U] +) +{ + uint64_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, + uu____1); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t blocks[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t b[1U][200U] +) +{ + uint64_t (*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = { { 0U } }; + { + size_t i = (size_t)0U; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + blocks[i][last_len] = 6U; + blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + } + uint64_t (*uu____1)[5U] = s->st; + uint8_t uu____2[1U][200U]; + memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, + uu____2); + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); +} + +static inline void +libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) + { + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t out[200U] = { 0U }; + uint64_t (*uu____0)[5U] = s; + Eurydice_slice + buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; + libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); + uint8_t uu____1[200U]; + memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + uint64_t (*a)[5U], + uint8_t ret[1U][200U] +) +{ + uint8_t ret0[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + uint64_t (*a)[5U], + Eurydice_slice b[1U] +) +{ + libcrux_sha3_portable_keccak_store_block___72size_t(a, b); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, + out); +} + +static inline void +libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, + b); + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = out[i]; + uint8_t *uu____1 = b[i]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t + s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, + i0 * (size_t)72U, + (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, + (size_t)72U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ + uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, + (size_t)72U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + } + } +} + +static inline void +libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], + Eurydice_slice out[1U] +) +{ + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); +} + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_internal_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c new file mode 100644 index 000000000..a0b803a00 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -0,0 +1,3689 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_sha3_neon.h" + +#include "internal/libcrux_core.h" + +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) +{ + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e +) +{ + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c +) +{ + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c +) +{ + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) +{ + core_core_arch_arm_shared_neon_uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_constant(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) +{ + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor0(core_core_arch_arm_shared_neon_uint64x2_t a, core_core_arch_arm_shared_neon_uint64x2_t b) +{ + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void +slice_2(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) +{ + Eurydice_slice + uu____0 = + Eurydice_slice_subslice(a[0U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = + Eurydice_slice_subslice(a[1U], + ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void +slice_n(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) +{ + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____0 = + core_slice___Slice_T___split_at_mut(out0, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t + uu____1 = + core_slice___Slice_T___split_at_mut(out1, + mid, + uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice a[2U], size_t mid) +{ + return split_at_mut_2(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void +load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, + x, + core_core_arch_arm_shared_neon_uint64x2_t); + return + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, + x, + core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b +) +{ + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void +theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t + c[5U] = + { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], + s->st[1U][4U], + s->st[2U][4U], + s->st[3U][4U], + s->st[4U][4U]) + }; + core_core_arch_arm_shared_neon_uint64x2_t + uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + t[5U] = + { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U]) + }; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t + uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t + uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t + uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t + uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t + uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t + uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t + uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t + uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t + uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t + uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t + uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t + uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t + uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t + uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t + uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t + uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t + uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t + uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t + uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_arm_shared_neon_uint64x2_t + uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t + uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t + uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t + uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t + uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void +pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, + s->st, + old, + core_core_arch_arm_shared_neon_uint64x2_t [5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void +chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_arm_shared_neon_uint64x2_t [5U])); + KRML_MAYBE_FOR5(i0, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t i1 = i0; + KRML_MAYBE_FOR5(i, + (size_t)0U, + (size_t)5U, + (size_t)1U, + size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = + and_not_xor(s->st[i1][j], + old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void +iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + size_t i +) +{ + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s +) +{ + for (size_t i = (size_t)0U; i < (size_t)24U; i++) + { + size_t i0 = i; + theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___72size_t(uu____0, buf); +} + +static inline void +load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___72size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___72size_t0(s.st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) + { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(s, o1); + } + } +} + +static inline void +keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[64U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice) }; + keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void +load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___136size_t(uu____0, buf); +} + +static inline void +load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___136size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, o1); + } + } +} + +static inline void +keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____0, out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[32U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice) }; + keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) + { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, o1); + } + } +} + +static inline void +keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____0, out); +} + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf0[2U] = { input0, input1 }; + Eurydice_slice buf[2U] = { out0, out1 }; + keccakx2___136size_t_31uint8_t(buf0, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +KeccakState2; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_shake128_init(void) +{ + return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void +load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___168size_t(uu____0, buf); +} + +static inline void +load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice data0, + Eurydice_slice data1 +) +{ + Eurydice_slice buf[2U] = { data0, data1 }; + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t(s, buf); +} + +static inline void +store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf[2U] = { out0, out1 }; + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___168size_t0(s->st, out); +} + +static inline void +squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____0 = split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____1 = split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o2); +} + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +) +{ + Eurydice_slice buf[2U] = { out0, out1 }; + squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, + buf); +} + +static inline void +load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___144size_t(uu____0, buf); +} + +static inline void +load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___144size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) + { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(s, o1); + } + } +} + +static inline void +keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[28U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice) }; + keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void +load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____1 = + libcrux_intrinsics_arm64__veorq_u64(uu____0, + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t + uu____2 = + s[((size_t)2U * i0 + (size_t)1U) + / (size_t)5U][((size_t)2U * i0 + (size_t)1U) + % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t + uu____3 = + libcrux_intrinsics_arm64__veorq_u64(uu____2, + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = { 0U }; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2(&dst0, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, + ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, + uint8_t [8U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, + ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t + uvec = + libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, + u, + uint64_t, + Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t + uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void +load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice blocks[2U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice + uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = + { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; + load_block___104size_t(uu____0, buf); +} + +static inline void +load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t b[2U][200U] +) +{ + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice last[2U] +) +{ + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = { { 0U } }; + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice + uu____0 = + Eurydice_array_to_subslice((size_t)200U, + blocks[i0], + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U] +) +{ + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) + { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t + v0 = + libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t + v1 = + libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U + * i0 + / (size_t)5U][(size_t)2U + * i0 + % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], + ( + (core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U) + } + ), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) + { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = { 0U }; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice + uu____1 = + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____1, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + Eurydice_slice + uu____2 = + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____2, + Eurydice_array_to_subslice((size_t)16U, + u, + ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *); + } +} + +static inline void +store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t out0[200U] = { 0U }; + uint8_t out1[200U] = { 0U }; + core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); +} + +static inline void +store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + uint8_t ret[2U][200U] +) +{ + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], + Eurydice_slice b[2U] +) +{ + store_block___104size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, + Eurydice_slice out[2U] +) +{ + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + KRML_MAYBE_FOR2(i, + (size_t)0U, + (size_t)2U, + (size_t)1U, + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice(uu____0, + Eurydice_array_to_subslice((size_t)200U, + uu____1, + lit, + uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, + void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], + Eurydice_slice out[2U] +) +{ + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for + (size_t + i = (size_t)0U; + i + < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) + { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(uu____0, ret); + } + size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) + { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, out); + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, o0); + core_ops_range_Range__size_t + iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( + (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } + ), + core_ops_range_Range__size_t, + core_ops_range_Range__size_t); + while (true) + { + if + ( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, + size_t, + core_option_Option__size_t).tag + == core_option_None + ) + { + break; + } + else + { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); + } + } + if (last < outlen) + { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(s, o1); + } + } +} + +static inline void +keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) +{ + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____0, out); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) +{ + uint8_t dummy[48U] = { 0U }; + Eurydice_slice uu____0[2U] = { data, data }; + Eurydice_slice uu____1 = digest; + Eurydice_slice + buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice) }; + keccakx2___104size_t_6uint8_t(uu____0, buf); +} + diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h new file mode 100644 index 000000000..921691e48 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -0,0 +1,71 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc + F* version: b5cb71b8 + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_sha3_neon_H +#define __libcrux_sha3_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "intrinsics/libcrux_intrinsics_arm64.h" + +#include "libcrux_sha3_internal.h" +#include "libcrux_core.h" +#include "eurydice_glue.h" + +typedef struct +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s +{ core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); + +void +libcrux_sha3_neon_x2_shake256( + Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1 +); + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_shake128_init(void); + +void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice data0, + Eurydice_slice data1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, + Eurydice_slice out0, + Eurydice_slice out1 +); + +void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); + +void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_neon_H_DEFINED +#endif From dad7ccc50cb7d9c8b31bf52fe9d5c99ee153324e Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 16:08:39 -0700 Subject: [PATCH 14/74] Refresh for AVX2 --- libcrux-ml-kem/c.sh | 2 + libcrux-ml-kem/c/CMakeLists.txt | 28 +- libcrux-ml-kem/c/eurydice_glue.h | 4 + libcrux-ml-kem/c/internal/libcrux_core.h | 283 +- .../c/internal/libcrux_mlkem_avx2.h | 77 + .../c/internal/libcrux_mlkem_neon.h | 94 - .../c/internal/libcrux_mlkem_portable.h | 98 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 38 + .../c/internal/libcrux_sha3_internal.h | 357 +- libcrux-ml-kem/c/libcrux_core.c | 540 +- libcrux-ml-kem/c/libcrux_core.h | 161 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 225 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 107 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 55 + libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 41 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 77 - libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 45 - libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 86 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 30 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 222 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 105 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 164 + libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 91 + libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 223 - libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 113 - libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 251 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 106 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 225 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 105 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 55 + libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 41 + libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 77 - libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 45 - libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 86 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 30 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 7623 ++++++++++ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 294 + libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9690 ------------ libcrux-ml-kem/c/libcrux_mlkem_neon.h | 418 - libcrux-ml-kem/c/libcrux_mlkem_portable.c | 12268 +++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 348 +- libcrux-ml-kem/c/libcrux_platform.c | 5 + libcrux-ml-kem/c/libcrux_platform.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 120 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2119 ++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 83 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2961 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3858 +---- libcrux-ml-kem/c/libcrux_sha3_neon.h | 60 +- 49 files changed, 18977 insertions(+), 25165 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index fdd1dba86..1017995a1 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -52,6 +52,8 @@ mkdir -p c cd c rm -rf *.c *.h +# HAND_WRITTEN FILE +git checkout libcrux_platform.c rm -rf internal/*.h echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index ce387e474..ef65b149d 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -37,18 +37,20 @@ file(GLOB SOURCES ${PROJECT_SOURCE_DIR}/libcrux_mlkem512.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024.c + ${PROJECT_SOURCE_DIR}/libcrux_mlkem_portable.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_portable.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_portable.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_portable.c - ${PROJECT_SOURCE_DIR}/libcrux_polynomial.c ) file(GLOB SOURCES_vec128 + ${PROJECT_SOURCE_DIR}/libcrux_mlkem_neon.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_neon.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_neon.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_neon.c ${PROJECT_SOURCE_DIR}/libcrux_sha3_neon.c ) file(GLOB SOURCES_vec256 + ${PROJECT_SOURCE_DIR}/libcrux_mlkem_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem512_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem768_avx2.c ${PROJECT_SOURCE_DIR}/libcrux_mlkem1024_avx2.c @@ -65,21 +67,21 @@ add_library(ml_kem SHARED ${SOURCES}) add_library(ml_kem_static STATIC ${SOURCES}) # if(LIBCRUX_VEC256) -# add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -# target_sources(ml_kem_static PRIVATE $) -# target_sources(ml_kem PRIVATE $) -# target_compile_options(ml_kem_vec256 PRIVATE -# -mavx -# -mavx2 -# ) +add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) +target_sources(ml_kem_static PRIVATE $) +target_sources(ml_kem PRIVATE $) +target_compile_options(ml_kem_vec256 PRIVATE + -mavx + -mavx2 +) # endif() # if(LIBCRUX_VEC128) -add_library(ml_kem_vec128 OBJECT ${SOURCES_vec128}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec128 PRIVATE -) +# add_library(ml_kem_vec128 OBJECT ${SOURCES_vec128}) +# target_sources(ml_kem_static PRIVATE $) +# target_sources(ml_kem PRIVATE $) +# target_compile_options(ml_kem_vec128 PRIVATE +# ) # endif() # --- Tests diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index f798f970b..bd794c456 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -155,9 +155,13 @@ static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { ? ((ret_t){.tag = core_option_None}) \ : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) +// Old name (TODO: remove once everyone has upgraded to the latest Charon) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6deb05bb9..d449e80ba 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_core_H @@ -15,32 +15,30 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( + core_fmt_rt_Argument x0[0U]); -extern core_fmt_Arguments -core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); +extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( + Eurydice_slice x0, Eurydice_slice x1); #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -); +void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]); #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) -#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) +#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) -#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) @@ -48,205 +46,210 @@ libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -); + uint8_t value[1568U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -); + uint8_t value[3168U]); -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s -{ +typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { uint8_t fst[1536U]; uint8_t snd[1568U]; -} -K___uint8_t_1536size_t__uint8_t_1568size_t_; +} K___uint8_t_1536size_t__uint8_t_1568size_t_; libcrux_ml_kem_types_MlKemCiphertext____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -); + uint8_t value[1568U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self); -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]); libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -); + uint8_t value[1184U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -); + uint8_t value[2400U]); -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s -{ +typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { uint8_t fst[1152U]; uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; +} K___uint8_t_1152size_t__uint8_t_1184size_t_; libcrux_ml_kem_types_MlKemCiphertext____1088size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -); + uint8_t value[1088U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -); - -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); - -typedef struct K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); -typedef struct K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -typedef struct K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -); + uint8_t value[800U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -); + uint8_t value[1632U]); -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s -{ +typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { uint8_t fst[768U]; uint8_t snd[800U]; -} -K___uint8_t_768size_t__uint8_t_800size_t_; +} K___uint8_t_768size_t__uint8_t_800size_t_; libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U] -); + uint8_t value[768U]); -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -); +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self); uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -); + Eurydice_slice lhs, Eurydice_slice rhs); -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +typedef struct + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); +void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]); + +void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]); + +typedef struct + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -); + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); + +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]); + +void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]); + +typedef struct + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]); -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]); +typedef struct + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]); -typedef struct core_option_Option__Eurydice_slice_uint8_t_s -{ +typedef struct + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]); + +typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; +} core_option_Option__Eurydice_slice_uint8_t; -typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; +typedef struct + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -); - -typedef struct K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s -{ - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} -K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + } val; +} core_result_Result__int16_t_16size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U]); + +typedef struct + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..b95276a30 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -0,0 +1,77 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __internal_libcrux_mlkem_avx2_H +#define __internal_libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_avx2.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h deleted file mode 100644 index 5a3e6df8f..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_mlkem_neon_H -#define __internal_libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_core.h" -#include "../libcrux_mlkem_neon.h" -#include "eurydice_glue.h" - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index e740ee1d0..8d67ca22e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -12,83 +12,67 @@ extern "C" { #endif -#include "internal/libcrux_sha3_internal.h" -#include "internal/libcrux_core.h" #include "../libcrux_mlkem_portable.h" #include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_sha3_internal.h" extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; -#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) +#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h new file mode 100644 index 000000000..405e13161 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -0,0 +1,38 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __internal_libcrux_sha3_avx2_H +#define __internal_libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_sha3_avx2.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + libcrux_sha3_avx2_x4_incremental_KeccakState4; + +void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]); + +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2471ee04f..391656b64 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H @@ -16,70 +16,63 @@ extern "C" { #include "eurydice_glue.h" typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_KeccakState1; + libcrux_sha3_portable_KeccakState1; static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); } -static inline void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); +static inline void libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + s, buf); } static inline void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, buf); } static inline void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o10, (size_t)168U); Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o2); } static inline void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( + s, buf); } #define libcrux_sha3_Sha224 0 @@ -89,191 +82,163 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } } return uu____0; } -static const -size_t -libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; -static const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; static inline void libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o10, (size_t)168U); Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; - memcpy(o20, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o20, - (size_t)168U); + memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o1); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o20, (size_t)168U); Eurydice_slice o2[1U]; - memcpy(o2, uu____2.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; - memcpy(o30, uu____2.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o30, - (size_t)168U); + memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o2); + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o30, (size_t)168U); Eurydice_slice o3[1U]; - memcpy(o3, uu____3.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; - memcpy(o4, uu____3.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o4); + memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + s, o4); } static inline void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t(s, buf); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_t( + s, buf); } static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self) { return self[0U]; } static inline uint32_t libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ + libcrux_sha3_Algorithm v) { uint32_t uu____0; - switch (v) - { - case libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } + switch (v) { + case libcrux_sha3_Sha224: { + uu____0 = 1U; + break; + } + case libcrux_sha3_Sha256: { + uu____0 = 2U; + break; + } + case libcrux_sha3_Sha384: { + uu____0 = 3U; + break; + } + case libcrux_sha3_Sha512: { + uu____0 = 4U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } } return uu____0; } static inline libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ +libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from( + uint32_t v) { libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch (v) { + case 1U: { + uu____0 = libcrux_sha3_Sha224; + break; + } + case 2U: { + uu____0 = libcrux_sha3_Sha256; + break; + } + case 3U: { + uu____0 = libcrux_sha3_Sha384; + break; + } + case 4U: { + uu____0 = libcrux_sha3_Sha512; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); + } } return uu____0; } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8730222c6..b114068a3 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_core.h" @@ -11,457 +11,399 @@ typedef size_t RangeTo__size_t; typedef size_t RangeFrom__size_t; -typedef struct Option__int32_t_s -{ +typedef struct Option__int32_t_s { core_option_Option__size_t_tags tag; int32_t f0; -} -Option__int32_t; +} Option__int32_t; -typedef struct Option__uint32_t_s -{ +typedef struct Option__uint32_t_s { core_option_Option__size_t_tags tag; uint32_t f0; -} -Option__uint32_t; +} Option__uint32_t; -static uint8_t is_non_zero(uint8_t value) -{ +static uint8_t is_non_zero(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; + uint16_t result = (((uint32_t)uu____0 | + (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & + 0xFFFFU) >> + 8U & + 1U; return (uint8_t)result; } -void -libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - Eurydice_slice lhs, - Eurydice_slice rhs, - uint8_t selector, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, + uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); - uint8_t out[32U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) - { + uint8_t out[32U] = {0U}; + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; + i++) { size_t i0 = i; - uint8_t - uu____0 = (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & (uint32_t)mask; - uint8_t *uu____1 = &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); + uint8_t uu____0 = + (uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)mask; + uint8_t *uu____1 = + &Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t); out[i0] = (uint32_t)uu____0 | ((uint32_t)uu____1[0U] & (uint32_t)~mask); } - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uint8_t value[1568U] -) -{ + uint8_t value[1568U]) { uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ .sk = sk, .pk = pk }); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uint8_t value[3168U] -) -{ + uint8_t value[3168U]) { uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uint8_t value[1568U] -) -{ + uint8_t value[1568U]) { uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1568U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)1568U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, + Eurydice_slice); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]) -{ - uint8_t out[1600U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1600U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1600U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1600U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uint8_t value[1184U] -) -{ + uint8_t value[1184U]) { uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____1184size_t lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ .sk = sk, .pk = pk }); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____2400size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uint8_t value[2400U] -) -{ + uint8_t value[2400U]) { uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____1088size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uint8_t value[1088U] -) -{ + uint8_t value[1088U]) { uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)1088U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)1088U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self -) -{ - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) -{ - uint8_t out[1120U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)1120U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1120U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uint8_t value[800U] -) -{ + uint8_t value[800U]) { uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey____800size_t lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, - libcrux_ml_kem_types_MlKemPublicKey____800size_t pk -) -{ - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk }); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, + libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { + return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ + .sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uint8_t value[1632U] -) -{ + uint8_t value[1632U]) { uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uint8_t value[768U] -) -{ + uint8_t value[768U]) { uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext____768size_t lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof (uint8_t)); + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } -uint8_t -*libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *self -) -{ +uint8_t * +libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *self) { return self->value; } uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - Eurydice_slice lhs, - Eurydice_slice rhs -) -{ + Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < (size_t)768U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)768U; i++) { size_t i0 = i; - uint8_t uu____0 = Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); - r = - (uint32_t)r - | ((uint32_t)uu____0 ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + uint8_t uu____0 = + Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t); + r = (uint32_t)r | + ((uint32_t)uu____0 ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) -{ - uint8_t out[33U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]) { + uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)33U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) -{ - uint8_t out[34U] = { 0U }; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)33U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]) { + uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)34U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)34U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - libcrux_ml_kem_types_MlKemCiphertext____768size_t *self -) -{ - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); + libcrux_ml_kem_types_MlKemCiphertext____768size_t *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, + Eurydice_slice); } -void -libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, uint8_t ret[800U]) -{ - uint8_t out[800U] = { 0U }; +void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)800U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)800U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)800U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - slice, - uint8_t, - void *); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -void -core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, - int16_t ret[16U] -) -{ - if (self.tag == core_result_Ok) - { - int16_t f0[16U]; - memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof (int16_t)); - memcpy(ret, f0, (size_t)16U * sizeof (int16_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)64U, uu____0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); +} + +void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, + int16_t ret[16U]) { + if (self.tag == core_result_Ok) { + int16_t f0[16U]; + memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); + memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); KRML_HOST_EXIT(255U); } } +void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[8U]; + memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 0df3058ed..07f553e38 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_core_H @@ -14,12 +14,10 @@ extern "C" { #include "eurydice_glue.h" -typedef struct core_ops_range_Range__size_t_s -{ +typedef struct core_ops_range_Range__size_t_s { size_t start; size_t end; -} -core_ops_range_Range__size_t; +} core_ops_range_Range__size_t; extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); @@ -30,142 +28,131 @@ extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); typedef uint8_t core_option_Option__size_t_tags; -typedef struct core_option_Option__size_t_s -{ +typedef struct core_option_Option__size_t_s { core_option_Option__size_t_tags tag; size_t f0; -} -core_option_Option__size_t; +} core_option_Option__size_t; static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemPublicKey____1568size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1568size_t_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemPublicKey____1568size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____1568size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } -libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { + uint8_t value[3168U]; +} libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; +} libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { uint8_t value[1568U]; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemCiphertext____1568size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s -{ +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; -typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { uint8_t value[1184U]; } -libcrux_ml_kem_types_MlKemPublicKey____1184size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____1184size_t_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey____1184size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____1184size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } -libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; +} libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { uint8_t value[1088U]; } -libcrux_ml_kem_types_MlKemCiphertext____1088size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { + uint8_t value[1088U]; +} libcrux_ml_kem_types_MlKemCiphertext____1088size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s -{ +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; -typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { uint8_t value[800U]; } -libcrux_ml_kem_types_MlKemPublicKey____800size_t; +typedef struct libcrux_ml_kem_types_MlKemPublicKey____800size_t_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey____800size_t; -typedef struct core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s -{ +typedef struct + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t___s { core_option_Option__size_t_tags tag; libcrux_ml_kem_types_MlKemPublicKey____800size_t f0; -} -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; +} core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__; -typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { uint8_t value[1632U]; } -libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; +typedef struct libcrux_ml_kem_types_MlKemPrivateKey____1632size_t_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey____1632size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s -{ +typedef struct libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t_s { libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk; libcrux_ml_kem_types_MlKemPublicKey____800size_t pk; -} -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; +} libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { uint8_t value[768U]; } -libcrux_ml_kem_types_MlKemCiphertext____768size_t; +typedef struct libcrux_ml_kem_types_MlKemCiphertext____768size_t_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext____768size_t; -typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s -{ +typedef struct + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t__s { libcrux_ml_kem_types_MlKemCiphertext____768size_t fst; uint8_t snd[32U]; -} -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; +} K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_; #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; +typedef uint8_t + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; -typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; +typedef struct + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -); +void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, + uint8_t ret[8U]); -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ +typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; +} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ +typedef struct + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s { Eurydice_slice fst[1U]; Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; +} K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index 806b58c57..e2cad594d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -1,203 +1,154 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024.h" #include "internal/libcrux_core.h" -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____0); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____0); - } - else - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ uu____0; - if (libcrux_platform_platform_simd256_support()) - { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ + uu____0; + if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____1 = public_key; uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____1, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); + return uu____0; } return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____1); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____1); + } else if (libcrux_platform_platform_simd128_support()) { uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____2); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____2); + } else { uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____3); + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____3); } return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); } -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { bool uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); + } else if (libcrux_platform_platform_simd128_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t(public_key); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); + } else { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key); + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key); } return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8478e2e63..31fd6b6b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H @@ -12,89 +12,104 @@ extern "C" { #endif -#include "libcrux_platform.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_mlkem512_neon.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) -#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_C1_BLOCK_SIZE_1024 * \ + LIBCRUX_ML_KEM_MLKEM1024_RANK_1024) #define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 ((size_t)5U) -#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM1024_VECTOR_V_COMPRESSION_FACTOR_1024 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_C1_SIZE_1024 + \ + LIBCRUX_ML_KEM_MLKEM1024_C2_SIZE_1024) -#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_T_AS_NTT_ENCODED_SIZE_1024 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM1024_ETA1 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM1024_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM1024_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM1024_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM1024_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM1024_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) +#define LIBCRUX_ML_KEM_MLKEM1024_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) -#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM1024_SECRET_KEY_SIZE_1024 \ + (LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_SECRET_KEY_SIZE_1024 + \ + LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_PUBLIC_KEY_SIZE_1024 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); -void -libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem1024_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c new file mode 100644 index 000000000..894a6e5aa --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#include "libcrux_mlkem1024_avx2.h" + +void libcrux_ml_kem_mlkem1024_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h new file mode 100644 index 000000000..76826f781 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -0,0 +1,41 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_avx2_H +#define __libcrux_mlkem1024_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" + +void libcrux_ml_kem_mlkem1024_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c deleted file mode 100644 index b86a77759..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem1024_neon.h" - -void -libcrux_ml_kem_mlkem1024_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h deleted file mode 100644 index 73b4dfddf..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem1024_neon_H -#define __libcrux_mlkem1024_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem512_neon.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -void -libcrux_ml_kem_mlkem1024_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1024_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 989347491..89def0e0e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,77 +1,55 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" -void -libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem1024_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 3b80960f2..889adcd1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H @@ -12,30 +12,26 @@ extern "C" { #endif -#include "libcrux_mlkem512_portable.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_portable.h" -void -libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem1024_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c index 30acdca01..89cd6e786 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512.c @@ -1,203 +1,153 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512.h" #include "internal/libcrux_core.h" -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____0); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____0); - } - else - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ uu____0; - if (libcrux_platform_platform_simd256_support()) - { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ + uu____0; + if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____1 = public_key; uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____1, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6); + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6); + return uu____0; } return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____1); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____1); + } else if (libcrux_platform_platform_simd128_support()) { uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____2); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____2); + } else { uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____3); + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____3); } return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); } -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { bool uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + public_key); + } else if (libcrux_platform_platform_simd128_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t(public_key); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key); + } else { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key); + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key); } return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); + if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 5141914df..9e99eb873 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_H @@ -12,89 +12,102 @@ extern "C" { #endif -#include "libcrux_platform.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_mlkem512_neon.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ + (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 \ + (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \ + LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); -void -libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem512_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c new file mode 100644 index 000000000..3ecf05aa4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -0,0 +1,164 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#include "libcrux_mlkem512_avx2.h" + +#include "internal/libcrux_mlkem_avx2.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); + } + return uu____0; +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h new file mode 100644 index 000000000..ef22b8ed1 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -0,0 +1,91 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_avx2_H +#define __libcrux_mlkem512_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c deleted file mode 100644 index ee559d69b..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem512_neon.h" - -#include "internal/libcrux_mlkem_neon.h" - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); -} - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(public_key); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(public_key); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(public_key); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h deleted file mode 100644 index dc33f9084..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ /dev/null @@ -1,113 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem512_neon_H -#define __libcrux_mlkem512_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_core.h" -#include "eurydice_glue.h" - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -void -libcrux_ml_kem_mlkem512_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -); - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 1259ebf65..f19b1cfda 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,223 +1,164 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); } -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(public_key); +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + public_key); } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None - } - ); + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); } return uu____0; } -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(public_key); +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + public_key); } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - return - libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(public_key); +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + public_key); } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 3e5778778..60635a57b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H @@ -12,98 +12,76 @@ extern "C" { #endif -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); -void -libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem512_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -); - -bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 7f07572a4..5e87a108d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -1,203 +1,154 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____0); - } - else if (libcrux_platform_platform_simd128_support()) - { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____0); - } - else - { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + if (libcrux_platform_platform_simd256_support()) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + } else if (libcrux_platform_platform_simd128_support()) { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + } else { + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, uu____0); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); return; } - memcpy(ret, uu____0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); } -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ uu____0; - if (libcrux_platform_platform_simd256_support()) - { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ + uu____0; + if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____1 = public_key; uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____1, - uu____2); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2); + } else if (libcrux_platform_platform_simd128_support()) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____3, - uu____4); - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4); + } else { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6); + libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6); + return uu____0; } return uu____0; } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ + uint8_t randomness[64U]) { libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____1); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____1); + } else if (libcrux_platform_platform_simd128_support()) { uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____2); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____2); + } else { uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____3); + libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____3); } return uu____0; } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); } -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { bool uu____0; - if (libcrux_platform_platform_simd256_support()) - { + if (libcrux_platform_platform_simd256_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key); - } - else if (libcrux_platform_platform_simd128_support()) - { + libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); + } else if (libcrux_platform_platform_simd128_support()) { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t(public_key); - return uu____0; - } - else - { + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); + } else { uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key); + libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key); } return uu____0; } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index aa62f65ff..7916e6736 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_H @@ -12,89 +12,102 @@ extern "C" { #endif -#include "libcrux_platform.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_mlkem512_neon.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem512_portable.h" +#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void -libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); -void -libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem768_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); -bool -libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key -); +bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c new file mode 100644 index 000000000..cccf06957 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#include "libcrux_mlkem768_avx2.h" + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h new file mode 100644 index 000000000..e15872cb4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -0,0 +1,41 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_avx2_H +#define __libcrux_mlkem768_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c deleted file mode 100644 index c9dd6730d..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem768_neon.h" - -void -libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) -{ - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); - } - return uu____0; -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h deleted file mode 100644 index 4edf95c59..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_neon_H -#define __libcrux_mlkem768_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_mlkem512_neon.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -void -libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index e0363174d..0ef5f5d17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,77 +1,55 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" -void -libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ +void libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(private_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) -{ +libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); } core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -) -{ - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ uu____0; - if - ( - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t(public_key.value) - ) - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, - .f0 = public_key - } - ); - } - else - { - uu____0 = - ( - (core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None - } - ); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); } return uu____0; } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index d5b0efcba..78ac0fdb0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H @@ -12,30 +12,26 @@ extern "C" { #endif -#include "libcrux_mlkem512_portable.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_portable.h" -void -libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -); +void libcrux_ml_kem_mlkem768_portable_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key -); + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c new file mode 100644 index 000000000..21208bcad --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -0,0 +1,7623 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" + +typedef core_core_arch_x86___m256i SIMD256Vector; + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i uu____0 = vector; + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i uu____0 = vector; + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + uu____0, libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + uu____1, libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, + (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, + (int8_t)0, (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)16U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____15, libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - + (int16_t)1)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t ret0[10U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + uint8_t uu____0 = + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____2 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____3 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____5 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____7 = + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____8 = + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____10 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____11 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____12 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____14 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____16, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, + (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)10U, .end = (size_t)26U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)4U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 13U, + 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) { + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof(int16_t)); + return lit; +} + +inline void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]) { + uint8_t result[22U] = {0U}; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | + (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | + (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | + (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector input = + libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) { + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector result = + libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____5 = + uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____12 = + uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____17 = + &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____23 = + uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____30 = + uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, + uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, + uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]) { + memcpy(ret, v.elements, (size_t)16U * sizeof(int16_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector output = + libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_array_to_slice((size_t)16U, ret, int16_t, Eurydice_slice)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)28U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, + 11U, 11U, 10U, 9U, 8U, + 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice( + output, + ((core_ops_range_Range__size_t){.start = sampled_count, + .end = sampled_count + (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self) { + return self[0U]; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline core_core_arch_x86___m256i shift_right___15int32_t( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i shift_right___15int32_t0( + core_core_arch_x86___m256i vector) { + return shift_right___15int32_t(vector); +} + +static core_core_arch_x86___m256i +to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right___15int32_t0(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], + uint8_t(*)[168U], uint8_t[168U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____9 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); + return uu____0; +} + +static inline void ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +static core_core_arch_x86___m256i +montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, fer); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, + zeta_r); + b = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static core_core_arch_x86___m256i +to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + self->coefficients[j]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + b, &a); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static core_core_arch_x86___m256i +decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i uu____0 = + decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &tmp); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___10int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___10int32_t(vector); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___10int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___11int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___11int32_t(vector); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___11int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___4int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___4int32_t(vector); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___4int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___5int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___5int32_t(vector); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = compress___5int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___10int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___11int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___4int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___4int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___5int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___5int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___10int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___11int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; + uint8_t dummy_out1[504U] = {0U}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; + uint8_t dummy_out1[168U] = {0U}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t dummy_out0[192U] = {0U}; + uint8_t dummy_out1[192U] = {0U}; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], + Eurydice_slice), + (size_t)1U, uint8_t[192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + uint8_t dummy_out1[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { + return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..e4349f2b1 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -0,0 +1,294 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 + */ + +#ifndef __libcrux_mlkem_avx2_H +#define __libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_avx2_portable_PortableVector; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, Eurydice_slice output); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self); + +typedef struct + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c deleted file mode 100644 index c7a62ef71..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ /dev/null @@ -1,9690 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_core.h" - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0) - } - ); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) -{ - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; - core_core_arch_arm_shared_neon_int16x8_t - c0 = - libcrux_intrinsics_arm64__vandq_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; - core_core_arch_arm_shared_neon_int16x8_t - c1 = - libcrux_intrinsics_arm64__vandq_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t - vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, - LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t - vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t - quotient = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, - vec0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - sub = - libcrux_intrinsics_arm64__vmulq_n_s16(quotient, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); - v.high = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high -) -{ - core_core_arch_arm_shared_neon_int16x8_t - k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vmulq_n_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t - c = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - int16_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - v.low = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.low, - c); - v.high = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t(v.high, - c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_int16x8_t - half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t - quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t - shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t - mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive = libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t - shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - shifted0, - core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t - shifted_to_positive0 = libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t - shifted_positive_in_range0 = libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vshrq_n_u16((int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); -} - -inline int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits) -{ - int16_t uu____0; - switch (coefficient_bits) - { - case 4: - { - uu____0 = (int16_t)15; - break; - } - case 5: - { - uu____0 = (int16_t)31; - break; - } - case 10: - { - uu____0 = (int16_t)1023; - break; - } - case 11: - { - uu____0 = (int16_t)2047; - break; - } - default: - { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c -) -{ - core_core_arch_arm_shared_neon_int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t - v_high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, zeta3, zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, zeta); - core_core_arch_arm_shared_neon_int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - t = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int32x4_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step(a, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -) -{ - int16_t zetas[8U] = { zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t - b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t - b = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta); - core_core_arch_arm_shared_neon_int64x2_t - uu____2 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn1q_s64(uu____2, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t - uu____3 = libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64(libcrux_intrinsics_arm64__vtrn2q_s64(uu____3, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -) -{ - core_core_arch_arm_shared_neon_int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t - b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(b_minus_a, zeta0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - int16_t zetas[8U] = { zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4 }; - core_core_arch_arm_shared_neon_int16x8_t - zeta = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - zetas, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t - a1b1 = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, b1); - core_core_arch_arm_shared_neon_int16x4_t - uu____0 = libcrux_intrinsics_arm64__vget_low_s16(a1b1); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____0, - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t - a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____2 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int16x8_t - fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____1, - uu____2, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, - a0, - b0)); - core_core_arch_arm_shared_neon_int16x4_t uu____3 = libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_low = - libcrux_intrinsics_arm64__vmull_s16(uu____3, - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t - a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____5 = libcrux_intrinsics_arm64__vget_low_s16(a1); - core_core_arch_arm_shared_neon_int16x8_t - snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_s16(uu____4, - uu____5, - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t - snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, - a1, - b0)); - core_core_arch_arm_shared_neon_int16x8_t - fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - fst_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - snd_high16 = libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t - fst = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t - snd = libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t(snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn1q_s32(low0, - high0)); - core_core_arch_arm_shared_neon_int16x8_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32(libcrux_intrinsics_arm64__vtrn2q_s32(low0, - high0)); - uint8_t - indexes[16U] = { 0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U }; - core_core_arch_arm_shared_neon_uint8x16_t - index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), - index)); - core_core_arch_arm_shared_neon_int16x8_t - high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), - index)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low2, .high = high2 }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -) -{ - return - libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply(lhs, - rhs, - zeta1, - zeta2, - zeta3, - zeta4); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[2U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t - high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[2U] -) -{ - uint8_t ret0[2U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) -{ - core_core_arch_arm_shared_neon_int16x8_t - one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t - low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)0U, - uint8_t, - uint8_t *, - uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t - high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index(a, - (size_t)1U, - uint8_t, - uint8_t *, - uint8_t)); - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, - (int16_t)-7 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t - low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t - high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vandq_s16(low, one); - return - ( - (libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vandq_s16(high, one) - } - ); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[8U] -) -{ - int16_t - shifter[8U] = - { - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, - (int16_t)12 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifter, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - lowt = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), - shift); - core_core_arch_arm_shared_neon_uint16x8_t - hight = - libcrux_intrinsics_arm64__vshlq_u16(libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), - shift); - uint64_t - sum0 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t - sum1 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t - sum2 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t - sum3 = - (uint64_t)libcrux_intrinsics_arm64__vaddv_u16(libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[8U] -) -{ - uint8_t ret0[8U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) -{ - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t [8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t input = core_num__u64_9__from_le_bytes(ret); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input & 15ULL); - low[1U] = (int16_t)(input >> 4U & 15ULL); - low[2U] = (int16_t)(input >> 8U & 15ULL); - low[3U] = (int16_t)(input >> 12U & 15ULL); - low[4U] = (int16_t)(input >> 16U & 15ULL); - low[5U] = (int16_t)(input >> 20U & 15ULL); - low[6U] = (int16_t)(input >> 24U & 15ULL); - low[7U] = (int16_t)(input >> 28U & 15ULL); - high[0U] = (int16_t)(input >> 32U & 15ULL); - high[1U] = (int16_t)(input >> 36U & 15ULL); - high[2U] = (int16_t)(input >> 40U & 15ULL); - high[3U] = (int16_t)(input >> 44U & 15ULL); - high[4U] = (int16_t)(input >> 48U & 15ULL); - high[5U] = (int16_t)(input >> 52U & 15ULL); - high[6U] = (int16_t)(input >> 56U & 15ULL); - high[7U] = (int16_t)(input >> 60U & 15ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t ret[16U] -) -{ - int16_t out[16U] = { 0U }; - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16(Eurydice_array_to_subslice((size_t)16U, - out, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof (int16_t)); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[10U] -) -{ - uint8_t res[10U] = { 0U }; - int16_t out[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); - res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); - res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); - res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); - res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); - res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); - res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | out[(size_t)8U + (size_t)1U] << 5U); - res[6U] = - (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | out[(size_t)8U + (size_t)2U] << 2U) - | out[(size_t)8U + (size_t)3U] << 7U); - res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | out[(size_t)8U + (size_t)4U] << 4U); - res[8U] = - (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | out[(size_t)8U + (size_t)5U] << 1U) - | out[(size_t)8U + (size_t)6U] << 6U); - res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | out[(size_t)8U + (size_t)7U] << 3U); - memcpy(ret, res, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[10U] -) -{ - uint8_t ret0[10U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)8U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____1[8U]; - memcpy(uu____1, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); - uint8_t input1[8U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input1, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(low64 & 31ULL); - low[1U] = (int16_t)(low64 >> 5U & 31ULL); - low[2U] = (int16_t)(low64 >> 10U & 31ULL); - low[3U] = (int16_t)(low64 >> 15U & 31ULL); - low[4U] = (int16_t)(low64 >> 20U & 31ULL); - low[5U] = (int16_t)(low64 >> 25U & 31ULL); - low[6U] = (int16_t)(low64 >> 30U & 31ULL); - low[7U] = (int16_t)(low64 >> 35U & 31ULL); - high[0U] = (int16_t)(high64 & 31ULL); - high[1U] = (int16_t)(high64 >> 5U & 31ULL); - high[2U] = (int16_t)(high64 >> 10U & 31ULL); - high[3U] = (int16_t)(high64 >> 15U & 31ULL); - high[4U] = (int16_t)(high64 >> 20U & 31ULL); - high[5U] = (int16_t)(high64 >> 25U & 31ULL); - high[6U] = (int16_t)(high64 >> 30U & 31ULL); - high[7U] = (int16_t)(high64 >> 35U & 31ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[20U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)5U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)10U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)13U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)15U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)21U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)20U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)15U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)29U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[20U] -) -{ - uint8_t ret0[20U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - uint8_t input1[8U] = { 0U }; - uint8_t input2[4U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)20U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[4U]; - memcpy(uu____5, input2, (size_t)4U * sizeof (uint8_t)); - uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 1023ULL); - low[1U] = (int16_t)(input00 >> 10U & 1023ULL); - low[2U] = (int16_t)(input00 >> 20U & 1023ULL); - low[3U] = (int16_t)(input00 >> 30U & 1023ULL); - low[4U] = (int16_t)(input00 >> 40U & 1023ULL); - low[5U] = (int16_t)(input00 >> 50U & 1023ULL); - low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); - low[7U] = (int16_t)(input10 >> 6U & 1023ULL); - high[0U] = (int16_t)(input10 >> 16U & 1023ULL); - high[1U] = (int16_t)(input10 >> 26U & 1023ULL); - high[2U] = (int16_t)(input10 >> 36U & 1023ULL); - high[3U] = (int16_t)(input10 >> 46U & 1023ULL); - high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); - high[5U] = (int16_t)(input20 >> 2U & 1023U); - high[6U] = (int16_t)(input20 >> 12U & 1023U); - high[7U] = (int16_t)(input20 >> 22U & 1023U); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[22U] -) -{ - int16_t input[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); - uint8_t result[22U] = { 0U }; - result[0U] = (uint8_t)input[0U]; - result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); - result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); - result[3U] = (uint8_t)(input[2U] >> 2U); - result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); - result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); - result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); - result[7U] = (uint8_t)(input[5U] >> 1U); - result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); - result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); - result[10U] = (uint8_t)(input[7U] >> 3U); - result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; - result[(size_t)11U + (size_t)1U] = - (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | input[(size_t)8U + (size_t)1U] << 3U); - result[(size_t)11U + (size_t)2U] = - (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | input[(size_t)8U + (size_t)2U] << 6U); - result[(size_t)11U + (size_t)3U] = (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); - result[(size_t)11U + (size_t)4U] = - (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | input[(size_t)8U + (size_t)3U] << 1U); - result[(size_t)11U + (size_t)5U] = - (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | input[(size_t)8U + (size_t)4U] << 4U); - result[(size_t)11U + (size_t)6U] = - (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | input[(size_t)8U + (size_t)5U] << 7U); - result[(size_t)11U + (size_t)7U] = (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); - result[(size_t)11U + (size_t)8U] = - (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | input[(size_t)8U + (size_t)6U] << 2U); - result[(size_t)11U + (size_t)9U] = - (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | input[(size_t)8U + (size_t)7U] << 5U); - result[(size_t)11U + (size_t)10U] = (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[22U] -) -{ - uint8_t ret0[22U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) -{ - uint8_t input0[8U] = { 0U }; - uint8_t input1[8U] = { 0U }; - uint8_t input2[8U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)8U, - input2, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof (uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof (uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[8U]; - memcpy(uu____5, input2, (size_t)8U * sizeof (uint8_t)); - uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); - int16_t low[8U] = { 0U }; - int16_t high[8U] = { 0U }; - low[0U] = (int16_t)(input00 & 2047ULL); - low[1U] = (int16_t)(input00 >> 11U & 2047ULL); - low[2U] = (int16_t)(input00 >> 22U & 2047ULL); - low[3U] = (int16_t)(input00 >> 33U & 2047ULL); - low[4U] = (int16_t)(input00 >> 44U & 2047ULL); - low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); - low[6U] = (int16_t)(input10 >> 2U & 2047ULL); - low[7U] = (int16_t)(input10 >> 13U & 2047ULL); - high[0U] = (int16_t)(input10 >> 24U & 2047ULL); - high[1U] = (int16_t)(input10 >> 35U & 2047ULL); - high[2U] = (int16_t)(input10 >> 46U & 2047ULL); - high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); - high[4U] = (int16_t)(input20 >> 4U & 2047ULL); - high[5U] = (int16_t)(input20 >> 15U & 2047ULL); - high[6U] = (int16_t)(input20 >> 26U & 2047ULL); - high[7U] = (int16_t)(input20 >> 37U & 2047ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - low, - int16_t, - Eurydice_slice)); - lit.high = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - high, - int16_t, - Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); -} - -inline void -libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[24U] -) -{ - core_core_arch_arm_shared_neon_int32x4_t - low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.low, - v.low)); - core_core_arch_arm_shared_neon_int32x4_t - mixt = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - low00, - low10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt, - mixt)); - core_core_arch_arm_shared_neon_int64x2_t - low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - low0, - low1, - core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t - high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn1q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(libcrux_intrinsics_arm64__vtrn2q_s16(v.high, - v.high)); - core_core_arch_arm_shared_neon_int32x4_t - mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, - high00, - high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t - high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32(libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, - mixt0)); - core_core_arch_arm_shared_neon_int64x2_t - high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, - high0, - high1, - core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = { 0U }; - Eurydice_slice - uu____2 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)6U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)6U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)14U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)18U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)22U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)24U, - result, - ((core_ops_range_Range__size_t){ .start = (size_t)18U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_array_to_subslice((size_t)32U, - result32, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)30U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[24U] -) -{ - uint8_t ret0[24U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) -{ - uint8_t indexes[16U] = { 0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U }; - core_core_arch_arm_shared_neon_uint8x16_t - index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - indexes, - uint8_t, - Eurydice_slice)); - int16_t - shifts[8U] = - { - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, - (int16_t)-4 - }; - core_core_arch_arm_shared_neon_int16x8_t - shift_vec = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice((size_t)8U, - shifts, - int16_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)16U, - input0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input0, - uint8_t, - Eurydice_slice)); - uint8_t input1[16U] = { 0U }; - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)16U, - input1, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)12U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_arm_shared_neon_uint8x16_t - input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice((size_t)16U, - input1, - uint8_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t - moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted0, - mask12)); - core_core_arch_arm_shared_neon_uint16x8_t - moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8(libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, - index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t - shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16(libcrux_intrinsics_arm64__vandq_u16(shifted1, - mask12)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ .low = low, .high = high }); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a -) -{ - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); -} - -inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) -{ - size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { - break; - } - else - { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; - sampled++; - } - bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; - } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; - sampled++; - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self -) -{ - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -shift_right___15int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - v.low = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.low, - core_core_arch_arm_shared_neon_int16x8_t); - v.high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, - v.high, - core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -shift_right___15int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - return shift_right___15int32_t(v); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fm = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &fm); -} - -static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -typedef struct Simd128Hash_s -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - shake128_state[2U]; -} -Simd128Hash; - -static inline Simd128Hash shake128_init_absorb___4size_t(uint8_t input[4U][34U]) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -static inline void -shake128_squeeze_three_blocks___4size_t(Simd128Hash *self, uint8_t ret[4U][504U]) -{ - uint8_t out[4U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = self->shake128_state; - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____5 = &self->shake128_state[1U]; - Eurydice_slice - uu____6 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____5, - uu____6, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, uint8_t ret[4U][168U]) -{ - uint8_t out[4U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____7[168U]; - memcpy(uu____7, out3, (size_t)168U * sizeof (uint8_t)); - memcpy(out[3U], uu____7, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_slice a) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); - Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0(A_transpose[i]);); - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[4U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) -{ - uint8_t out[4U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)4U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out123, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = - core_slice___Slice_T___split_at_mut(out23, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____3, - uu____4, - uu____5, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____8 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____6, - uu____7, - uu____8, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { - size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(re->coefficients[j], - &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(re->coefficients[j], - &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; -} -__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - fer); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(b, zeta_r); - b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(a, - &t); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(self->coefficients[j]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); - return lit; -} - -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - a_minus_b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(b, - &a); - a = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(a, - &b)); - b = - montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_minus_b, - zeta_r); - return - ( - (__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, - .snd = b - } - ); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer -) -{ - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [4U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - tmp0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___10int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___10int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - return compress___10int32_t(v); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___11int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___11int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - return compress___11int32_t(v); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U] -) -{ - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___4int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___4int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - return compress___4int32_t(v); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - compress___4int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t - compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, - v, - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - compressed0 = libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t - compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32(libcrux_intrinsics_arm64__vqdmulhq_n_s32(libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t - compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - compressed1, - core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___5int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - core_core_arch_arm_shared_neon_int16x8_t - mask = - libcrux_intrinsics_arm64__vdupq_n_s16(libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits((int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = compress_int32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = compress_int32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t - low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t - high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___5int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) -{ - return compress___5int32_t(v); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficients = - compress___5int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return decompress_ciphertext_coefficient___10int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___11int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___4int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return decompress_ciphertext_coefficient___4int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4(bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) -{ - core_core_arch_arm_shared_neon_uint32x4_t - coeff = libcrux_intrinsics_arm64__vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32(v, - (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed0 = libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t - decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, - decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - core_core_arch_arm_shared_neon_uint32x4_t - mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t - low00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - low10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t - high00 = - libcrux_intrinsics_arm64__vandq_u32(libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - mask16); - core_core_arch_arm_shared_neon_uint32x4_t - high10 = - libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)16, - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = decompress_uint32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = decompress_uint32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = decompress_uint32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = decompress_uint32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t - uu____0 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t - uu____1 = libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = - libcrux_intrinsics_arm64__vtrn1q_s16(uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___5int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -) -{ - return decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { - size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce(libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline Simd128Hash shake128_init_absorb___3size_t(uint8_t input[3U][34U]) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice - uu____4 = Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____3, - uu____4, - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -static inline void -shake128_squeeze_three_blocks___3size_t(Simd128Hash *self, uint8_t ret[3U][504U]) -{ - uint8_t out[3U][504U] = { { 0U } }; - uint8_t extra[504U] = { 0U }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = self->shake128_state; - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____4 = &self->shake128_state[1U]; - Eurydice_slice - uu____5 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____4, - uu____5, - Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, uint8_t ret[3U][168U]) -{ - uint8_t out[3U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - uint8_t out2[168U] = { 0U }; - uint8_t out3[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____2, - uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof (uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); - Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[3U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) -{ - uint8_t out[3U][128U] = { { 0U } }; - uint8_t extra[128U] = { 0U }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)3U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = - core_slice___Slice_T___split_at_mut(out12, - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____4 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____2, - uu____3, - uu____4, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - Eurydice_slice - uu____5 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____6 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____7 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____5, - uu____6, - uu____7, - Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); - return lit; -} - -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [3U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - coefficient = - compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U] -) -{ - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_neon_sha512(Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline Simd128Hash shake128_init_absorb___2size_t(uint8_t input[2U][34U]) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = { uu____0, libcrux_sha3_neon_x2_incremental_shake128_init() }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, - state, - (size_t)2U - * - sizeof ( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - )); - return lit; -} - -static inline void -shake128_squeeze_three_blocks___2size_t(Simd128Hash *self, uint8_t ret[2U][504U]) -{ - uint8_t out[2U][504U] = { { 0U } }; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [504U], - Eurydice_slice), - (size_t)1U, - uint8_t [504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = self->shake128_state; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(uu____1, - uu____2, - Eurydice_array_to_slice((size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [504U], uint8_t (*)[504U], uint8_t [504U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, uint8_t ret[2U][168U]) -{ - uint8_t out[2U][168U] = { { 0U } }; - uint8_t out0[168U] = { 0U }; - uint8_t out1[168U] = { 0U }; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(uu____0, - uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____2[168U]; - memcpy(uu____2, out0, (size_t)168U * sizeof (uint8_t)); - memcpy(out[0U], uu____2, (size_t)168U * sizeof (uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out1, (size_t)168U * sizeof (uint8_t)); - memcpy(out[1U], uu____3, (size_t)168U * sizeof (uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); - Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { - break; - } - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U] - )); -} - -typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[2U]; - uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) -{ - uint8_t out[2U][192U] = { { 0U } }; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [192U], - Eurydice_slice), - (size_t)1U, - uint8_t [192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [192U], uint8_t (*)[192U], uint8_t [192U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice randomness -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_as_ntt[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ - uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret, - true, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t(uu____5, - secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); - return lit; -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_neon_sha256(Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret0[32U]; - H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - void -) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) -{ - uint8_t out[2U][128U] = { { 0U } }; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = - core_slice___Slice_T___split_at_mut(Eurydice_array_to_slice((size_t)2U, - out, - uint8_t [128U], - Eurydice_slice), - (size_t)1U, - uint8_t [128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t [128U], uint8_t (*)[128U], uint8_t [128U]), - uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - uint8_t dummy[128U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re, - (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector [2U], - size_t); - i0++) - { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(a_element, - &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1], - &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&result[i1], - &error_1[i1]); - } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(error_2, - message, - result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) - { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t(ret0, - false, - A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); - uint8_t ret[32U]; - H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { - size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t(&u_as_ntt[i0]); - } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) -{ - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { - size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - )); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result, - &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(&v, - secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(message, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256(uu____0, - uu____1, - uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); - uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h deleted file mode 100644 index 55e374569..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ /dev/null @@ -1,418 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem_neon_H -#define __libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3_neon.h" -#include "libcrux_mlkem_portable.h" -#include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high -); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v -); - -int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits(int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta1, - int16_t zeta2 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - int16_t zeta -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3, - int16_t zeta4 -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[2U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[2U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[8U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[8U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - int16_t ret[16U] -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[10U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[10U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[20U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[20U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[22U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[22U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a -); - -void -libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, - uint8_t ret[24U] -); - -void -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - uint8_t ret[24U] -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a -); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result); - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self -); - -typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s -{ libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9b58ec04e..17854d7fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,45 +1,566 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_internal.h" #include "internal/libcrux_core.h" +#include "internal/libcrux_sha3_internal.h" -const -int16_t -libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, - (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, - (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, - (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, - (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, - (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, - (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, - (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, - (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, - (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, - (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, - (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, - (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, - (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, - (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, - (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, - (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, - (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, - (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, - (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, - (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, - (int16_t)1522, (int16_t)1628 - }; - -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void) -{ +const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { + (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, + (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, + (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, + (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, + (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383, + (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, + (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, + (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571, + (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, + (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, + (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666, + (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, + (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, + (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951, + (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, + (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, + (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843, + (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, + (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, + (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653, + (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, + (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, + (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349, + (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, + (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, + (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384, + (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, + (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, + (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794, + (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, + (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, + (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( + void) { libcrux_ml_kem_vector_portable_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; @@ -62,49 +583,40 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( - void -) -{ + void) { return libcrux_ml_kem_vector_zero(); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) -{ +libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { libcrux_ml_kem_vector_portable_PortableVector lit; int16_t ret[16U]; core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - int16_t [16U], - void *); - core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError(dst, - ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof (int16_t)); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice(array, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( - Eurydice_slice array -) -{ + Eurydice_slice array) { return libcrux_ml_kem_vector_from_i16_array(array); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; @@ -114,21 +626,16 @@ libcrux_ml_kem_vector_add( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -) -{ + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs) { return libcrux_ml_kem_vector_add(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; @@ -138,21 +645,16 @@ libcrux_ml_kem_vector_sub( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -) -{ + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs) { return libcrux_ml_kem_vector_sub(lhs, rhs); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; v.elements[uu____0] = v.elements[uu____0] * c; @@ -162,21 +664,15 @@ libcrux_ml_kem_vector_multiply_by_constant( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { return libcrux_ml_kem_vector_multiply_by_constant(v, c); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; v.elements[uu____0] = v.elements[uu____0] & c; @@ -186,54 +682,57 @@ libcrux_ml_kem_vector_bitwise_and_with_constant( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { - size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) - { - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; +libcrux_ml_kem_vector_cond_subtract_3329( + libcrux_ml_kem_vector_portable_PortableVector v) { + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; } + return v; } - return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v -) -{ + libcrux_ml_kem_vector_portable_PortableVector v) { return libcrux_ml_kem_vector_cond_subtract_3329(v); } -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) -{ - int32_t - t = - (int32_t)value - * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER - + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); - int16_t quotient = (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); +int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) { + int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +libcrux_ml_kem_vector_barrett_reduce( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); v.elements[i0] = uu____0; } return v; @@ -241,40 +740,37 @@ libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_portable_PortableVect libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v -) -{ + libcrux_ml_kem_vector_portable_PortableVector v) { return libcrux_ml_kem_vector_barrett_reduce(v); } -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) -{ - int32_t - k = - (int32_t)(int16_t)value - * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t - k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); - int16_t value_high = (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); +int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = (int16_t)(k_times_modulus >> + (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); return value_high - c; } -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer) -{ - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * (int32_t)fer); +inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * + (int32_t)fer); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + int16_t uu____0 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); v.elements[i0] = uu____0; } return v; @@ -282,15 +778,11 @@ libcrux_ml_kem_vector_montgomery_multiply_by_constant( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t r -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t r) { return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); } -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) -{ +uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; @@ -299,12 +791,13 @@ uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +libcrux_ml_kem_vector_compress_1( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient((uint16_t)v.elements[i0]); + uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient( + (uint16_t)v.elements[i0]); v.elements[i0] = (int16_t)uu____0; } return v; @@ -312,173 +805,166 @@ libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_portable_PortableVector v libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v -) -{ + libcrux_ml_kem_vector_portable_PortableVector v) { return libcrux_ml_kem_vector_compress_1(v); } -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value) -{ +inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits( + uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) -{ +int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return - (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits(coefficient_bits, - (uint32_t)compressed); + return (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[2U], zeta0); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[2U], zeta0); v.elements[2U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[3U], zeta0); + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[3U], zeta0); v.elements[3U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta1); + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta1); v.elements[6U] = v.elements[4U] - t1; v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta1); + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta1); v.elements[7U] = v.elements[5U] - t2; v.elements[5U] = v.elements[5U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)2U], - zeta2); - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)3U], - zeta2); - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta3); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta3); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)5U] + t6; + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)2U], zeta2); + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)3U], zeta2); + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta3); + v.elements[(size_t)8U + (size_t)6U] = + v.elements[(size_t)8U + (size_t)4U] - t5; + v.elements[(size_t)8U + (size_t)4U] = + v.elements[(size_t)8U + (size_t)4U] + t5; + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta3); + v.elements[(size_t)8U + (size_t)7U] = + v.elements[(size_t)8U + (size_t)5U] - t6; + v.elements[(size_t)8U + (size_t)5U] = + v.elements[(size_t)8U + (size_t)5U] + t6; return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[4U], zeta0); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1) { + int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[4U], zeta0); v.elements[4U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[5U], zeta0); + int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[5U], zeta0); v.elements[5U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[6U], zeta0); + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta0); v.elements[6U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[7U], zeta0); + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta0); v.elements[7U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t - t3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)4U], - zeta1); - v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; - v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t - t4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)5U], - zeta1); - v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; - v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t - t5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)6U], - zeta1); - v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; - v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t - t6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[(size_t)8U + (size_t)7U], - zeta1); - v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; - v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + t6; + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)4U], zeta1); + v.elements[(size_t)8U + (size_t)4U] = + v.elements[(size_t)8U + (size_t)0U] - t3; + v.elements[(size_t)8U + (size_t)0U] = + v.elements[(size_t)8U + (size_t)0U] + t3; + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)5U], zeta1); + v.elements[(size_t)8U + (size_t)5U] = + v.elements[(size_t)8U + (size_t)1U] - t4; + v.elements[(size_t)8U + (size_t)1U] = + v.elements[(size_t)8U + (size_t)1U] + t4; + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta1); + v.elements[(size_t)8U + (size_t)6U] = + v.elements[(size_t)8U + (size_t)2U] - t5; + v.elements[(size_t)8U + (size_t)2U] = + v.elements[(size_t)8U + (size_t)2U] + t5; + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta1); + v.elements[(size_t)8U + (size_t)7U] = + v.elements[(size_t)8U + (size_t)3U] - t6; + v.elements[(size_t)8U + (size_t)3U] = + v.elements[(size_t)8U + (size_t)3U] + t6; return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta -) -{ - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { + int16_t t = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); v.elements[8U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + int16_t t0 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); v.elements[9U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[10U], zeta); + int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[10U], zeta); v.elements[10U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[11U], zeta); + int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[11U], zeta); v.elements[11U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[12U], zeta); + int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[12U], zeta); v.elements[12U] = v.elements[4U] - t3; v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[13U], zeta); + int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[13U], zeta); v.elements[13U] = v.elements[5U] - t4; v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[14U], zeta); + int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[14U], zeta); v.elements[14U] = v.elements[6U] - t5; v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[15U], zeta); + int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( + v.elements[15U], zeta); v.elements[15U] = v.elements[7U] - t6; v.elements[7U] = v.elements[7U] + t6; return v; @@ -486,258 +972,235 @@ libcrux_ml_kem_vector_ntt_layer_3_step( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta -) -{ + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t - uu____0 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[0U] + v.elements[2U]); + int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[0U] + v.elements[2U]); v.elements[0U] = uu____0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + int16_t uu____1 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); v.elements[2U] = uu____1; int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t - uu____2 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[1U] + v.elements[3U]); + int16_t uu____2 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[1U] + v.elements[3U]); v.elements[1U] = uu____2; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + int16_t uu____3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); v.elements[3U] = uu____3; int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t - uu____4 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[4U] + v.elements[6U]); + int16_t uu____4 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[4U] + v.elements[6U]); v.elements[4U] = uu____4; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + int16_t uu____5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); v.elements[6U] = uu____5; int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t - uu____6 = libcrux_ml_kem_vector_barrett_reduce_element(v.elements[5U] + v.elements[7U]); + int16_t uu____6 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[5U] + v.elements[7U]); v.elements[5U] = uu____6; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + int16_t uu____7 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); v.elements[7U] = uu____7; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t - uu____8 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)2U]); + int16_t a_minus_b3 = + v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t uu____8 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); v.elements[(size_t)8U + (size_t)0U] = uu____8; - int16_t uu____9 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + int16_t uu____9 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); v.elements[(size_t)8U + (size_t)2U] = uu____9; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t - uu____10 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)3U]); + int16_t a_minus_b4 = + v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t uu____10 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); v.elements[(size_t)8U + (size_t)1U] = uu____10; - int16_t uu____11 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + int16_t uu____11 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); v.elements[(size_t)8U + (size_t)3U] = uu____11; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t - uu____12 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)4U] - + v.elements[(size_t)8U + (size_t)6U]); + int16_t a_minus_b5 = + v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____12 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); v.elements[(size_t)8U + (size_t)4U] = uu____12; - int16_t uu____13 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + int16_t uu____13 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); v.elements[(size_t)8U + (size_t)6U] = uu____13; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t - uu____14 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[(size_t)8U - + (size_t)5U] - + v.elements[(size_t)8U + (size_t)7U]); + int16_t a_minus_b6 = + v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____14 = libcrux_ml_kem_vector_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); v.elements[(size_t)8U + (size_t)5U] = uu____14; - int16_t uu____15 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + int16_t uu____15 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); v.elements[(size_t)8U + (size_t)7U] = uu____15; return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, + zeta3); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1 -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1) { int16_t a_minus_b = v.elements[4U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[4U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + int16_t uu____0 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); v.elements[4U] = uu____0; int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[5U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + int16_t uu____1 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); v.elements[5U] = uu____1; int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[6U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + int16_t uu____2 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); v.elements[6U] = uu____2; int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[7U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + int16_t uu____3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); v.elements[7U] = uu____3; - int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; + int16_t a_minus_b3 = + v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; v.elements[(size_t)8U + (size_t)0U] = - v.elements[(size_t)8U - + (size_t)0U] - + v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; + int16_t uu____4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); v.elements[(size_t)8U + (size_t)4U] = uu____4; - int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; + int16_t a_minus_b4 = + v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; v.elements[(size_t)8U + (size_t)1U] = - v.elements[(size_t)8U - + (size_t)1U] - + v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; + int16_t uu____5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); v.elements[(size_t)8U + (size_t)5U] = uu____5; - int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; + int16_t a_minus_b5 = + v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; v.elements[(size_t)8U + (size_t)2U] = - v.elements[(size_t)8U - + (size_t)2U] - + v.elements[(size_t)8U + (size_t)6U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; + int16_t uu____6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); v.elements[(size_t)8U + (size_t)6U] = uu____6; - int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; + int16_t a_minus_b6 = + v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; v.elements[(size_t)8U + (size_t)3U] = - v.elements[(size_t)8U - + (size_t)3U] - + v.elements[(size_t)8U + (size_t)7U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; + int16_t uu____7 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); v.elements[(size_t)8U + (size_t)7U] = uu____7; return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1 -) -{ + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta -) -{ + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { int16_t a_minus_b = v.elements[8U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[8U]; - int16_t uu____0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + int16_t uu____0 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); v.elements[8U] = uu____0; int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[9U]; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + int16_t uu____1 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); v.elements[9U] = uu____1; int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[10U]; - int16_t uu____2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + int16_t uu____2 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); v.elements[10U] = uu____2; int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[11U]; - int16_t uu____3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + int16_t uu____3 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); v.elements[11U] = uu____3; int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; v.elements[4U] = v.elements[4U] + v.elements[12U]; - int16_t uu____4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + int16_t uu____4 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); v.elements[12U] = uu____4; int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; v.elements[5U] = v.elements[5U] + v.elements[13U]; - int16_t uu____5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + int16_t uu____5 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); v.elements[13U] = uu____5; int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; v.elements[6U] = v.elements[6U] + v.elements[14U]; - int16_t uu____6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + int16_t uu____6 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); v.elements[14U] = uu____6; int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; v.elements[7U] = v.elements[7U] + v.elements[15U]; - int16_t uu____7 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + int16_t uu____7 = + libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); v.elements[15U] = uu____7; return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta -) -{ + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); } -inline K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -) -{ +inline K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta) { int16_t a0 = _.fst; int16_t a1 = _.snd; int16_t b0 = _0.fst; int16_t b1 = _0.snd; int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t - uu____1 = - libcrux_ml_kem_vector_montgomery_reduce_element(uu____0 - + - (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a1 * (int32_t)b1) - * (int32_t)zeta); - return - ( - (K___int16_t_int16_t){ - .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)a0 - * (int32_t)b1 - + (int32_t)a1 * (int32_t)b0) - } - ); + int16_t uu____1 = libcrux_ml_kem_vector_montgomery_reduce_element( + uu____0 + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element( + (int32_t)a1 * (int32_t)b1) * + (int32_t)zeta); + return ((K___int16_t_int16_t){ + .fst = uu____1, + .snd = libcrux_ml_kem_vector_montgomery_reduce_element( + (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - libcrux_ml_kem_vector_portable_PortableVector out = libcrux_ml_kem_vector_zero(); + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_PortableVector out = + libcrux_ml_kem_vector_zero(); K___int16_t_int16_t lit0; lit0.fst = lhs->elements[0U]; lit0.snd = lhs->elements[1U]; K___int16_t_int16_t lit1; lit1.fst = rhs->elements[0U]; lit1.snd = rhs->elements[1U]; - K___int16_t_int16_t product = libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + K___int16_t_int16_t product = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); out.elements[0U] = product.fst; out.elements[1U] = product.snd; K___int16_t_int16_t lit2; @@ -746,8 +1209,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit3; lit3.fst = rhs->elements[2U]; lit3.snd = rhs->elements[3U]; - K___int16_t_int16_t - product0 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + K___int16_t_int16_t product0 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); out.elements[2U] = product0.fst; out.elements[3U] = product0.snd; K___int16_t_int16_t lit4; @@ -756,7 +1219,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit5; lit5.fst = rhs->elements[4U]; lit5.snd = rhs->elements[5U]; - K___int16_t_int16_t product1 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + K___int16_t_int16_t product1 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); out.elements[4U] = product1.fst; out.elements[5U] = product1.snd; K___int16_t_int16_t lit6; @@ -765,8 +1229,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit7; lit7.fst = rhs->elements[6U]; lit7.snd = rhs->elements[7U]; - K___int16_t_int16_t - product2 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + K___int16_t_int16_t product2 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); out.elements[6U] = product2.fst; out.elements[7U] = product2.snd; K___int16_t_int16_t lit8; @@ -775,7 +1239,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit9; lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; - K___int16_t_int16_t product3 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + K___int16_t_int16_t product3 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); out.elements[(size_t)8U + (size_t)0U] = product3.fst; out.elements[(size_t)8U + (size_t)1U] = product3.snd; K___int16_t_int16_t lit10; @@ -784,8 +1249,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit11; lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; - K___int16_t_int16_t - product4 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + K___int16_t_int16_t product4 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); out.elements[(size_t)8U + (size_t)2U] = product4.fst; out.elements[(size_t)8U + (size_t)3U] = product4.snd; K___int16_t_int16_t lit12; @@ -794,8 +1259,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit13; lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; - K___int16_t_int16_t - product5 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + K___int16_t_int16_t product5 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); out.elements[(size_t)8U + (size_t)4U] = product5.fst; out.elements[(size_t)8U + (size_t)5U] = product5.snd; K___int16_t_int16_t lit14; @@ -804,8 +1269,8 @@ libcrux_ml_kem_vector_ntt_multiply( K___int16_t_int16_t lit; lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; - K___int16_t_int16_t - product6 = libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + K___int16_t_int16_t product6 = + libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); out.elements[(size_t)8U + (size_t)6U] = product6.fst; out.elements[(size_t)8U + (size_t)7U] = product6.snd; return out; @@ -813,818 +1278,778 @@ libcrux_ml_kem_vector_ntt_multiply( libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -) -{ - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); -} - -inline void -libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[2U] -) -{ - uint8_t result[2U] = { 0U }; - KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, - (size_t)8U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] - | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[2U] -) -{ + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, + zeta3); +} + +inline void libcrux_ml_kem_vector_serialize_1( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + KRML_MAYBE_FOR8( + i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); + KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = (uint32_t)result[uu____1] | + (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U);); + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]) { uint8_t ret0[2U]; libcrux_ml_kem_vector_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) -{ - libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); - KRML_MAYBE_FOR8(i, - (size_t)0U, - (size_t)8U, - (size_t)1U, - size_t i0 = i; - uint8_t *uu____0 = &Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); - for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_PortableVector result = + libcrux_ml_kem_vector_zero(); + KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + uint8_t *uu____0 = &Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = + (int16_t)((uint32_t)uu____0[0U] >> (uint32_t)i0 & 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t *uu____1 = &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[i0] = (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); + uint8_t *uu____1 = + &Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[i0] = + (int16_t)((uint32_t)uu____1[0U] >> (uint32_t)(i0 - (size_t)8U) & 1U); } return result; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_1(a); } -inline void -libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[8U] -) -{ - uint8_t result[8U] = { 0U }; - result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | (uint32_t)(uint8_t)v.elements[2U]; - result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | (uint32_t)(uint8_t)v.elements[4U]; - result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | (uint32_t)(uint8_t)v.elements[6U]; - result[4U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[5U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; - result[6U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; - result[7U] = - (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] - << 4U - | (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; - memcpy(ret, result, (size_t)8U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[8U] -) -{ +inline void libcrux_ml_kem_vector_serialize_4( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]) { + uint8_t result[8U] = {0U}; + result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | + (uint32_t)(uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)v.elements[3U] << 4U | + (uint32_t)(uint8_t)v.elements[2U]; + result[2U] = (uint32_t)(uint8_t)v.elements[5U] << 4U | + (uint32_t)(uint8_t)v.elements[4U]; + result[3U] = (uint32_t)(uint8_t)v.elements[7U] << 4U | + (uint32_t)(uint8_t)v.elements[6U]; + result[4U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)1U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[5U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)3U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)2U]; + result[6U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)5U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)4U]; + result[7U] = (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)7U] << 4U | + (uint32_t)(uint8_t)v.elements[(size_t)8U + (size_t)6U]; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]) { uint8_t ret0[8U]; libcrux_ml_kem_vector_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_portable_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_PortableVector v = + libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1[0U] >> 4U & 15U); - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____2 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____2[0U] & 15U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[3U] = (int16_t)((uint32_t)uu____3[0U] >> 4U & 15U); - uint8_t *uu____4 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____4 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____4[0U] & 15U); - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____5[0U] >> 4U & 15U); - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____6[0U] & 15U); - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____7[0U] >> 4U & 15U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____8[0U] & 15U); - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____9 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____9[0U] >> 4U & 15U); - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[10U] = (int16_t)((uint32_t)uu____10[0U] & 15U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); v.elements[11U] = (int16_t)((uint32_t)uu____11[0U] >> 4U & 15U); - uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____12 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[12U] = (int16_t)((uint32_t)uu____12[0U] & 15U); - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____13[0U] >> 4U & 15U); - uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____14 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[14U] = (int16_t)((uint32_t)uu____14[0U] & 15U); - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); v.elements[15U] = (int16_t)((uint32_t)uu____15[0U] >> 4U & 15U); return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_4(a); } -inline void -libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[10U] -) -{ - uint8_t result[10U] = { 0U }; +inline void libcrux_ml_kem_vector_serialize_5( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]) { + uint8_t result[10U] = {0U}; result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); result[1U] = - (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | v.elements[1U] >> 3U); - result[2U] = (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); + (uint8_t)(((v.elements[3U] & (int16_t)1) << 7U | v.elements[2U] << 2U) | + v.elements[1U] >> 3U); + result[2U] = + (uint8_t)((v.elements[4U] & (int16_t)15) << 4U | v.elements[3U] >> 1U); result[3U] = - (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | v.elements[4U] >> 4U); + (uint8_t)(((v.elements[6U] & (int16_t)3) << 6U | v.elements[5U] << 1U) | + v.elements[4U] >> 4U); result[4U] = (uint8_t)(v.elements[7U] << 3U | v.elements[6U] >> 2U); result[5U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) - << 5U - | v.elements[(size_t)8U + (size_t)0U]); + (uint8_t)((v.elements[(size_t)8U + (size_t)1U] & (int16_t)7) << 5U | + v.elements[(size_t)8U + (size_t)0U]); result[6U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) - << 7U - | v.elements[(size_t)8U + (size_t)2U] << 2U) - | v.elements[(size_t)8U + (size_t)1U] >> 3U); + (uint8_t)(((v.elements[(size_t)8U + (size_t)3U] & (int16_t)1) << 7U | + v.elements[(size_t)8U + (size_t)2U] << 2U) | + v.elements[(size_t)8U + (size_t)1U] >> 3U); result[7U] = - (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | v.elements[(size_t)8U + (size_t)3U] >> 1U); + (uint8_t)((v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) << 4U | + v.elements[(size_t)8U + (size_t)3U] >> 1U); result[8U] = - (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) - << 6U - | v.elements[(size_t)8U + (size_t)5U] << 1U) - | v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[9U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)7U] - << 3U - | v.elements[(size_t)8U + (size_t)6U] >> 2U); - memcpy(ret, result, (size_t)10U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[10U] -) -{ + (uint8_t)(((v.elements[(size_t)8U + (size_t)6U] & (int16_t)3) << 6U | + v.elements[(size_t)8U + (size_t)5U] << 1U) | + v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[9U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] << 3U | + v.elements[(size_t)8U + (size_t)6U] >> 2U); + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]) { uint8_t ret0[10U]; libcrux_ml_kem_vector_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_portable_PortableVector v = libcrux_ml_kem_vector_zero(); - uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_PortableVector v = + libcrux_ml_kem_vector_zero(); + uint8_t *uu____0 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); - uint8_t - uu____1 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) - << 3U; - uint8_t *uu____2 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + 3U) + << 3U; + uint8_t *uu____2 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[1U] = (int16_t)((uint32_t)uu____1 | (uint32_t)uu____2[0U] >> 5U); - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[2U] = (int16_t)((uint32_t)uu____3[0U] >> 2U & 31U); - uint8_t - uu____4 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) - << 1U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + 15U) + << 1U; + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); v.elements[3U] = (int16_t)((uint32_t)uu____4 | (uint32_t)uu____5[0U] >> 7U); - uint8_t - uu____6 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) - << 4U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + 1U) + << 4U; + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); v.elements[4U] = (int16_t)((uint32_t)uu____6 | (uint32_t)uu____7[0U] >> 4U); - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[5U] = (int16_t)((uint32_t)uu____8[0U] >> 1U & 31U); - uint8_t - uu____9 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) - << 2U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = ((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + 7U) + << 2U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); v.elements[6U] = (int16_t)((uint32_t)uu____9 | (uint32_t)uu____10[0U] >> 6U); - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); v.elements[7U] = (int16_t)((uint32_t)uu____11[0U] >> 3U); - uint8_t - *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____12 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); v.elements[8U] = (int16_t)((uint32_t)uu____12[0U] & 31U); - uint8_t - uu____13 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & 3U) - << 3U; - uint8_t - *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + 3U) + << 3U; + uint8_t *uu____14 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); v.elements[9U] = (int16_t)((uint32_t)uu____13 | (uint32_t)uu____14[0U] >> 5U); - uint8_t - *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); v.elements[10U] = (int16_t)((uint32_t)uu____15[0U] >> 2U & 31U); - uint8_t - uu____16 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & 15U) - << 1U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, uint8_t, uint8_t *, uint8_t); - v.elements[11U] = (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); - uint8_t - uu____18 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - & 1U) - << 4U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, uint8_t *, uint8_t); - v.elements[12U] = (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); - uint8_t - *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____16 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + 15U) + << 1U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + v.elements[11U] = + (int16_t)((uint32_t)uu____16 | (uint32_t)uu____17[0U] >> 7U); + uint8_t uu____18 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + 1U) + << 4U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + v.elements[12U] = + (int16_t)((uint32_t)uu____18 | (uint32_t)uu____19[0U] >> 4U); + uint8_t *uu____20 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); v.elements[13U] = (int16_t)((uint32_t)uu____20[0U] >> 1U & 31U); - uint8_t - uu____21 = - ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & 7U) - << 2U; - uint8_t - *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, uint8_t, uint8_t *, uint8_t); - v.elements[14U] = (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____21 = + ((uint32_t)Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + 7U) + << 2U; + uint8_t *uu____22 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); + v.elements[14U] = + (int16_t)((uint32_t)uu____21 | (uint32_t)uu____22[0U] >> 6U); + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)5U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); v.elements[15U] = (int16_t)((uint32_t)uu____23[0U] >> 3U); return v; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_5(a); } -inline void -libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[20U] -) -{ - uint8_t result[20U] = { 0U }; +inline void libcrux_ml_kem_vector_serialize_10( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]) { + uint8_t result[20U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); - result[3U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U & (int16_t)3); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[1U] >> 6U & (int16_t)15); + result[3U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[2U] >> 4U & (int16_t)63); result[4U] = (uint8_t)(v.elements[3U] >> 2U & (int16_t)255); result[5U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); - result[7U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); - result[8U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[4U] >> 8U & (int16_t)3); + result[7U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[5U] >> 6U & (int16_t)15); + result[8U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[6U] >> 4U & (int16_t)63); result[9U] = (uint8_t)(v.elements[7U] >> 2U & (int16_t)255); result[10U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); result[11U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & (int16_t)3); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U & + (int16_t)3); result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & (int16_t)15); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 6U & + (int16_t)15); result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & (int16_t)63); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 4U & + (int16_t)63); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 2U & (int16_t)255); result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & (int16_t)3); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U & + (int16_t)3); result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & (int16_t)15); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 6U & + (int16_t)15); result[18U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & (int16_t)63); - result[19U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); - memcpy(ret, result, (size_t)20U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[20U] -) -{ + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 4U & + (int16_t)63); + result[19U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 2U & (int16_t)255); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]) { uint8_t ret0[20U]; libcrux_ml_kem_vector_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_PortableVector result = + libcrux_ml_kem_vector_zero(); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | ((int16_t)uu____1[0U] & (int16_t)255); - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 2U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____5 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____5 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____4 | (int16_t)uu____5[0U] >> 4U; - int16_t - uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____7 = &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____7 = + &Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____6 | (int16_t)uu____7[0U] >> 6U; - int16_t - uu____8 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 8U; - uint8_t *uu____9 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____8 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____9 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____8 | ((int16_t)uu____9[0U] & (int16_t)255); - int16_t - uu____10 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 6U; - uint8_t *uu____11 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____10 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____11 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____10 | (int16_t)uu____11[0U] >> 2U; - int16_t - uu____12 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 4U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t uu____12 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____12 | (int16_t)uu____13[0U] >> 4U; - int16_t - uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____14 | (int16_t)uu____15[0U] >> 6U; - int16_t - uu____16 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____16 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____16 | ((int16_t)uu____17[0U] & (int16_t)255); - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____18 | (int16_t)uu____19[0U] >> 2U; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____20 | (int16_t)uu____21[0U] >> 4U; - int16_t - uu____22 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, uint8_t, uint8_t *, uint8_t); + int16_t uu____22 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____23 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)3U, + uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____22 | (int16_t)uu____23[0U] >> 6U; - int16_t - uu____24 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 8U; - uint8_t - *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____24 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U; + uint8_t *uu____25 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____24 | ((int16_t)uu____25[0U] & (int16_t)255); - int16_t - uu____26 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 6U; - uint8_t - *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____26 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U; + uint8_t *uu____27 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____26 | (int16_t)uu____27[0U] >> 2U; - int16_t - uu____28 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 4U; - uint8_t - *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, uint8_t, uint8_t *, uint8_t); + int16_t uu____28 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U; + uint8_t *uu____29 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)7U, + uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____28 | (int16_t)uu____29[0U] >> 4U; - int16_t - uu____30 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____30 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)10U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____30 | (int16_t)uu____31[0U] >> 6U; return result; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_10(a); } -inline void -libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[22U] -) -{ - uint8_t result[22U] = { 0U }; +inline void libcrux_ml_kem_vector_serialize_11( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]) { + uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; - result[1U] = - (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = - (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[1U] >> 5U); result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = - (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = - (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = - (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | + (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | + (uint32_t)(uint8_t)(v.elements[4U] >> 4U); result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = - (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = - (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | + (uint32_t)(uint8_t)(v.elements[6U] >> 6U); result[10U] = (uint8_t)(v.elements[7U] >> 3U); result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U - | (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[22U] -) -{ +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]) { uint8_t ret0[22U]; libcrux_ml_kem_vector_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_portable_PortableVector result = libcrux_ml_kem_vector_zero(); - int16_t - uu____0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) - << 8U; - uint8_t *uu____1 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_PortableVector result = + libcrux_ml_kem_vector_zero(); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t - uu____2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & (int16_t)63) - << 5U; - uint8_t *uu____3 = &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t - uu____4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & (int16_t)1) - << 10U; - int16_t - uu____5 = - uu____4 - | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 2U; - uint8_t *uu____6 = &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____5 = + uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t - uu____7 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U; - uint8_t *uu____8 = &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t - uu____9 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) & (int16_t)127) - << 4U; - uint8_t *uu____10 = &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t - uu____11 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) - << 9U; - int16_t - uu____12 = - uu____11 - | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) << 1U; - uint8_t *uu____13 = &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____12 = + uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t - uu____14 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) & (int16_t)31) - << 6U; - uint8_t *uu____15 = &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t - uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t) << 3U; - uint8_t *uu____17 = &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____17 = + &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t - uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t) - & (int16_t)7) - << 8U; - uint8_t - *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, uint8_t, uint8_t *, uint8_t); + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t - uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t) - & (int16_t)63) - << 5U; - uint8_t - *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, uint8_t *, uint8_t); + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t - uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t) - & (int16_t)1) - << 10U; - int16_t - uu____23 = - uu____22 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t - *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____23 = + uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t - uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t) - & (int16_t)15) - << 7U; - uint8_t - *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, uint8_t *, uint8_t); + int16_t uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t - uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t) - & (int16_t)127) - << 4U; - uint8_t - *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, uint8_t *, uint8_t); + int16_t uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t - uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t) - & (int16_t)3) - << 9U; - int16_t - uu____30 = - uu____29 - | - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t - *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, uint8_t *, uint8_t); + int16_t uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____30 = + uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, + uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t - uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t) - & (int16_t)31) - << 6U; - uint8_t - *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, uint8_t *, uint8_t); + int16_t uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t - uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, uint8_t *, uint8_t) - << 3U; - uint8_t - *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, uint8_t *, uint8_t); + int16_t uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, + uint8_t, uint8_t *, uint8_t); result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; return result; } libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_11(a); } -inline void -libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[24U] -) -{ - uint8_t result[24U] = { 0U }; +inline void libcrux_ml_kem_vector_serialize_12( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]) { + uint8_t result[24U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); - result[1U] = (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); + result[1U] = + (uint8_t)(v.elements[0U] >> 8U | (v.elements[1U] & (int16_t)15) << 4U); result[2U] = (uint8_t)(v.elements[1U] >> 4U & (int16_t)255); result[3U] = (uint8_t)(v.elements[2U] & (int16_t)255); - result[4U] = (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); + result[4U] = + (uint8_t)(v.elements[2U] >> 8U | (v.elements[3U] & (int16_t)15) << 4U); result[5U] = (uint8_t)(v.elements[3U] >> 4U & (int16_t)255); result[6U] = (uint8_t)(v.elements[4U] & (int16_t)255); - result[7U] = (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); + result[7U] = + (uint8_t)(v.elements[4U] >> 8U | (v.elements[5U] & (int16_t)15) << 4U); result[8U] = (uint8_t)(v.elements[5U] >> 4U & (int16_t)255); result[9U] = (uint8_t)(v.elements[6U] & (int16_t)255); - result[10U] = (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); + result[10U] = + (uint8_t)(v.elements[6U] >> 8U | (v.elements[7U] & (int16_t)15) << 4U); result[11U] = (uint8_t)(v.elements[7U] >> 4U & (int16_t)255); result[12U] = (uint8_t)(v.elements[(size_t)8U + (size_t)0U] & (int16_t)255); result[13U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)0U] - >> 8U - | (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); - result[14U] = (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U | + (v.elements[(size_t)8U + (size_t)1U] & (int16_t)15) << 4U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 4U & (int16_t)255); result[15U] = (uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)255); result[16U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)2U] - >> 8U - | (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); - result[17U] = (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 8U | + (v.elements[(size_t)8U + (size_t)3U] & (int16_t)15) << 4U); + result[17U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 4U & (int16_t)255); result[18U] = (uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)255); result[19U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)4U] - >> 8U - | (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); - result[20U] = (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); + (uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 8U | + (v.elements[(size_t)8U + (size_t)5U] & (int16_t)15) << 4U); + result[20U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 4U & (int16_t)255); result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)255); result[22U] = - (uint8_t)(v.elements[(size_t)8U - + (size_t)6U] - >> 8U - | (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); - result[23U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); - memcpy(ret, result, (size_t)24U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[24U] -) -{ + (uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 8U | + (v.elements[(size_t)8U + (size_t)7U] & (int16_t)15) << 4U); + result[23U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 4U & (int16_t)255); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]) { uint8_t ret0[24U]; libcrux_ml_kem_vector_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) -{ - libcrux_ml_kem_vector_portable_PortableVector re = libcrux_ml_kem_vector_zero(); - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - int16_t - byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *, uint8_t); - int16_t - byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, uint8_t *, uint8_t); +libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_PortableVector re = + libcrux_ml_kem_vector_zero(); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t byte3 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t byte4 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t byte5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t byte6 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t byte7 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t byte8 = (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t); + int16_t byte9 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t); + int16_t byte10 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t); + int16_t byte11 = (int16_t)Eurydice_slice_index(bytes, (size_t)11U, uint8_t, + uint8_t *, uint8_t); re.elements[0U] = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); re.elements[1U] = byte2 << 4U | (byte1 >> 4U & (int16_t)15); re.elements[2U] = (byte4 & (int16_t)15) << 8U | (byte3 & (int16_t)255); @@ -1633,30 +2058,30 @@ libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) re.elements[5U] = byte8 << 4U | (byte7 >> 4U & (int16_t)15); re.elements[6U] = (byte10 & (int16_t)15) << 8U | (byte9 & (int16_t)255); re.elements[7U] = byte11 << 4U | (byte10 >> 4U & (int16_t)15); - int16_t - byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, uint8_t *, uint8_t); - int16_t - byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, uint8_t *, uint8_t); - int16_t - byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, uint8_t *, uint8_t); - int16_t - byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, uint8_t *, uint8_t); - int16_t - byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, uint8_t *, uint8_t); - int16_t - byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, uint8_t *, uint8_t); - int16_t - byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, uint8_t *, uint8_t); - int16_t - byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, uint8_t *, uint8_t); - int16_t - byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, uint8_t *, uint8_t); - int16_t - byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, uint8_t *, uint8_t); - int16_t - byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, uint8_t *, uint8_t); - int16_t - byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, uint8_t *, uint8_t); + int16_t byte12 = (int16_t)Eurydice_slice_index(bytes, (size_t)12U, uint8_t, + uint8_t *, uint8_t); + int16_t byte13 = (int16_t)Eurydice_slice_index(bytes, (size_t)13U, uint8_t, + uint8_t *, uint8_t); + int16_t byte14 = (int16_t)Eurydice_slice_index(bytes, (size_t)14U, uint8_t, + uint8_t *, uint8_t); + int16_t byte15 = (int16_t)Eurydice_slice_index(bytes, (size_t)15U, uint8_t, + uint8_t *, uint8_t); + int16_t byte16 = (int16_t)Eurydice_slice_index(bytes, (size_t)16U, uint8_t, + uint8_t *, uint8_t); + int16_t byte17 = (int16_t)Eurydice_slice_index(bytes, (size_t)17U, uint8_t, + uint8_t *, uint8_t); + int16_t byte18 = (int16_t)Eurydice_slice_index(bytes, (size_t)18U, uint8_t, + uint8_t *, uint8_t); + int16_t byte19 = (int16_t)Eurydice_slice_index(bytes, (size_t)19U, uint8_t, + uint8_t *, uint8_t); + int16_t byte20 = (int16_t)Eurydice_slice_index(bytes, (size_t)20U, uint8_t, + uint8_t *, uint8_t); + int16_t byte21 = (int16_t)Eurydice_slice_index(bytes, (size_t)21U, uint8_t, + uint8_t *, uint8_t); + int16_t byte22 = (int16_t)Eurydice_slice_index(bytes, (size_t)22U, uint8_t, + uint8_t *, uint8_t); + int16_t byte23 = (int16_t)Eurydice_slice_index(bytes, (size_t)23U, uint8_t, + uint8_t *, uint8_t); re.elements[8U] = (byte13 & (int16_t)15) << 8U | (byte12 & (int16_t)255); re.elements[9U] = byte14 << 4U | (byte13 >> 4U & (int16_t)15); re.elements[10U] = (byte16 & (int16_t)15) << 8U | (byte15 & (int16_t)255); @@ -1670,71 +2095,79 @@ libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( - Eurydice_slice a -) -{ + Eurydice_slice a) { return libcrux_ml_kem_vector_deserialize_12(a); } -inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result) -{ +inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, + Eurydice_slice result) { size_t sampled = (size_t)0U; - core_slice_iter_Chunks - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(core_slice___Slice_T___chunks(a, - (size_t)3U, - uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(&iter, - uint8_t, - core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) - { + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( + &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) { break; - } - else - { + } else { Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____1; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____1 = sampled < (size_t)16U; - } - else - { - uu____1 = false; - } - if (uu____1) - { - int16_t uu____2 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____2; - sampled++; - } + int16_t uu____2; bool uu____3; - if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) - { - uu____3 = sampled < (size_t)16U; - } - else - { - uu____3 = false; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + int16_t uu____8 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____8; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } } - if (uu____3) - { - int16_t uu____4 = d2; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = uu____4; - sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } } } } @@ -1743,100 +2176,82 @@ inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice size_t libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -) -{ + Eurydice_slice a, Eurydice_slice out) { return libcrux_ml_kem_vector_rej_sample(a, out); } inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self -) -{ + libcrux_ml_kem_vector_portable_PortableVector *self) { return self[0U]; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) -{ +ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - lit; + lit; lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[1U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[14U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12(bytes); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + bytes); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + coefficient); re.coefficients[i0] = uu____0; } return re; @@ -1844,515 +2259,373 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_vector_portable_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector -shift_right___15int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +static libcrux_ml_kem_vector_portable_PortableVector shift_right___15int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return shift_right___15int32_t(v); } static libcrux_ml_kem_vector_portable_PortableVector to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a -) -{ + libcrux_ml_kem_vector_portable_PortableVector a) { libcrux_ml_kem_vector_portable_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_portable_PortableVector - fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant(t, - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, - &fm); + libcrux_ml_kem_vector_portable_PortableVector fm = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a, &fm); } static inline void serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[384U] -) -{ - uint8_t serialized[384U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)384U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)384U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[4U], - uint8_t ret[1536U] -) -{ - uint8_t out[1536U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1536U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1536U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U], - Eurydice_slice seed_for_a, - uint8_t ret[1568U] -) -{ - uint8_t public_key_serialized[1568U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1568U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1536U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[4U]; - memcpy(uu____1, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1568U, - public_key_serialized, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t(Eurydice_array_to_subslice_to((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[4U]; - memcpy(uu____0, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, - public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1568U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static void closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -typedef struct PortableHash____4size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; } -PortableHash____4size_t; +typedef struct PortableHash____4size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[4U]; +} PortableHash____4size_t; -static inline PortableHash____4size_t shake128_init_absorb___4size_t(uint8_t input[4U][34U]) -{ +static inline PortableHash____4size_t shake128_init_absorb___4size_t( + uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; - memcpy(uu____1, - state, - (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)4U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____4size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)4U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)4U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -static inline void -shake128_squeeze_three_blocks___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][504U]) -{ - uint8_t out[4U][504U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___4size_t( + PortableHash____4size_t *self, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( - uint8_t randomness[4U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___4size_t(PortableHash____4size_t *self, uint8_t ret[4U][168U]) -{ - uint8_t out[4U][168U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___4size_t( + PortableHash____4size_t *self, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( - uint8_t randomness[4U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_slice a) -{ +from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array(Eurydice_slice_subslice(a, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; @@ -2360,405 +2633,317 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_slice a) static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - size_t sampled_coefficients[4U] = { 0U }; - int16_t out[4U][272U] = { { 0U } }; + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); PortableHash____4size_t xof_state = shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t(uu____2, - sampled_coefficients, - out); } int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U][4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0(A_transpose[i]);); - KRML_MAYBE_FOR4(i0, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[4U][34U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U] - )); + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - fst[4U]; + fst[4U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) -{ - uint8_t out[4U][128U] = { { 0U } }; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)4U * sizeof (uint8_t [128U])); +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - uu____2 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *, uint8_t) << 24U; + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) - { + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { uint32_t outcome_set = i; uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); size_t offset = (size_t)(outcome_set0 >> 2U); sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice randomness -) -{ - int16_t sampled_i16s[256U] = { 0U }; - for - (size_t - i0 = (size_t)0U; - i0 - < core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) - { + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint32_t - uu____0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t - uu____1 = - uu____0 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____1 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *, uint8_t) << 16U; + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) - { + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { int32_t outcome_set = i; int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t - outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); size_t offset = (size_t)(outcome_set0 / (int32_t)6); sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return - from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_slice((size_t)256U, - sampled_i16s, - int16_t, - Eurydice_slice)); + return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - Eurydice_slice randomness -) -{ + Eurydice_slice randomness) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector(randomness); + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( + randomness); return uu____0; } static inline void ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) - { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector - t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant(re->coefficients[j - + step], - (int16_t)-1600); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(re->coefficients[j], - &t); + libcrux_ml_kem_vector_portable_PortableVector t = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(re->coefficients[j], - &t); + libcrux_ml_kem_vector_portable_PortableVector uu____1 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + re->coefficients[j], &t); re->coefficients[j] = uu____1; } } typedef struct -__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s -{ + __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s { libcrux_ml_kem_vector_portable_PortableVector fst; libcrux_ml_kem_vector_portable_PortableVector snd; -} -__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; +} __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; static libcrux_ml_kem_vector_portable_PortableVector montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t fer -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(v, - fer); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t fer) { + return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + v, fer); } static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_portable_PortableVector - t = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector(b, zeta_r); - b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(a, - &t); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, - &t); - return - ( - (__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ - .fst = a, - .snd = b - } - ); + libcrux_ml_kem_vector_portable_PortableVector a, + libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_portable_PortableVector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + b, zeta_r); + b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + a, &t); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + .fst = a, .snd = b}); } static inline void ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - size_t layer -) -{ + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; size_t offset = round * step * (size_t)2U; size_t offset_vec = offset / (size_t)16U; size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -2769,97 +2954,83 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( static inline void ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); } static inline void ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } static inline void ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } static inline void poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(self->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + self->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); @@ -2868,102 +3039,81 @@ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVect static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[4U]; - memcpy(uu____2, - re_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *rhs -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply(&self->coefficients[i0], - &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U - + (size_t)4U * i0 - + (size_t)3U]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); out.coefficients[i0] = uu____0; } return out; @@ -2971,645 +3121,504 @@ ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( static inline void add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static libcrux_ml_kem_vector_portable_PortableVector to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(v, - LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); + libcrux_ml_kem_vector_portable_PortableVector v) { + return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } static inline void add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector(self->coefficients[j]); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); + libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( + self->coefficients[j]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static K___uint8_t_1536size_t__uint8_t_1568size_t_ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[4U][4U]; + A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_as_ntt[4U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____4[4U]; - memcpy(uu____4, - t_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[4U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[3168U] -) -{ - uint8_t out[3168U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)3168U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)3168U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)3168U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t(uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[4U]; - memcpy(uu____2, - error_1, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t0(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t0(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } static inline void invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } static inline void invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step(re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); } static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, - int16_t zeta_r -) -{ - libcrux_ml_kem_vector_portable_PortableVector - a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(b, - &a); - a = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(a, - &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector(a_minus_b, zeta_r); - return - ( - (__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ - .fst = a, - .snd = b - } - ); + libcrux_ml_kem_vector_portable_PortableVector a, + libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { + libcrux_ml_kem_vector_portable_PortableVector a_minus_b = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + b, &a); + a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + .fst = a, .snd = b}); } static inline void invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - size_t layer -) -{ + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) - { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) - { + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[j], - re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -3620,190 +3629,165 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)7U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); } static inline void add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(self->coefficients[j], - (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, - &error->coefficients[j])); + libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [4U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static libcrux_ml_kem_vector_portable_PortableVector decompress_1__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v -) -{ - return - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), - &v), + libcrux_ml_kem_vector_portable_PortableVector v) { + return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), + &v), (int16_t)1665); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( - uint8_t serialized[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1(Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = decompress_1__libcrux_ml_kem_vector_portable_PortableVector(coefficient_compressed); - re.coefficients[i0] = uu____0;); + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + decompress_1__libcrux_ml_kem_vector_portable_PortableVector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); return re; } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(result.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector - tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector - tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(coefficient_normal_form, - &tmp); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(tmp0); + libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector tmp = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + self->coefficients[i0], &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector tmp0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + tmp0); result.coefficients[i0] = uu____0; } return result; @@ -3811,543 +3795,436 @@ add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, - message, - result); + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + error_2, message, result); return result; } static inline libcrux_ml_kem_vector_portable_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)10, - (uint16_t)v.elements[i0]); + int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( + (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector -compress___10int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +static libcrux_ml_kem_vector_portable_PortableVector compress___10int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return compress___10int32_t(v); } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline libcrux_ml_kem_vector_portable_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)11, - (uint16_t)v.elements[i0]); + int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( + (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector -compress___11int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +static libcrux_ml_kem_vector_portable_PortableVector compress___11int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return compress___11int32_t(v); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[352U] -) -{ - uint8_t serialized[352U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)352U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[352U] -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof (uint8_t)); + compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - input[4U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)4U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___4int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)4, - (uint16_t)v.elements[i0]); + int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( + (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector -compress___4int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +static libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return compress___4int32_t(v); } static inline void compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - compress___4int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + compress___4int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___5int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +static inline libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t - uu____0 = - libcrux_ml_kem_vector_compress_ciphertext_coefficient((uint8_t)(int32_t)5, - (uint16_t)v.elements[i0]); + int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( + (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector -compress___5int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +static libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return compress___5int32_t(v); } static inline void compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re, - Eurydice_slice serialized -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficients = - compress___5int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficients = + compress___5int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5(coefficients, - bytes); - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re, - Eurydice_slice out -) -{ - compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, out); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, + out); } static void encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1568U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1536U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[4U][4U]; + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - r_as_ntt[4U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[4U]; - memcpy(error_1, - uu____3.fst, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___4size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[4U]; - memcpy(uu____5, - u, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t(uu____5, - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___4size_t(Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; @@ -4356,56 +4233,44 @@ decompress_ciphertext_coefficient___10int32_t(libcrux_ml_kem_vector_portable_Por } static libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___10int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return decompress_ciphertext_coefficient___10int32_t(v); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10(bytes); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + bytes); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } static inline libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11); decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; @@ -4414,43 +4279,31 @@ decompress_ciphertext_coefficient___11int32_t(libcrux_ml_kem_vector_portable_Por } static libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___11int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +decompress_ciphertext_coefficient___11int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return decompress_ciphertext_coefficient___11int32_t(v); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11(bytes); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + bytes); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4458,27 +4311,28 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector(serialized); + deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( + serialized); return uu____0; } static inline void ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); @@ -4487,72 +4341,57 @@ ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1568U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1568U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t(u_bytes); + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; @@ -4561,56 +4400,43 @@ decompress_ciphertext_coefficient___4int32_t(libcrux_ml_kem_vector_portable_Port } static libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___4int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +decompress_ciphertext_coefficient___4int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return decompress_ciphertext_coefficient___4int32_t(v); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4(bytes); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + bytes); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } static inline libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_portable_PortableVector v) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) - { +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_portable_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int32_t - decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5); decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1); v.elements[i0] = (int16_t)decompressed; @@ -4619,44 +4445,32 @@ decompress_ciphertext_coefficient___5int32_t(libcrux_ml_kem_vector_portable_Port } static libcrux_ml_kem_vector_portable_PortableVector -decompress_ciphertext_coefficient___5int32_t0(libcrux_ml_kem_vector_portable_PortableVector v) -{ +decompress_ciphertext_coefficient___5int32_t0( + libcrux_ml_kem_vector_portable_PortableVector v) { return decompress_ciphertext_coefficient___5int32_t(v); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + bytes); re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector - uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4664,52 +4478,38 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector(serialized); + deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( + serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t1(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t1(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) - { + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12(bytes); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + bytes); re.coefficients[i0] = uu____0; } return re; @@ -4717,77 +4517,55 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)4U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - b -) -{ - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant(b.coefficients[i0], - (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce(libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub(self->coefficients[i0], - &coefficient_normal_form)); + libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; @@ -4795,1886 +4573,1463 @@ subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR4(i, - (size_t)0U, - (size_t)4U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); return result; } static inline void compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re, - uint8_t ret[32U] -) -{ - uint8_t serialized[32U] = { 0U }; - KRML_MAYBE_FOR16(i, - (size_t)0U, - (size_t)16U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re.coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector - coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1(coefficient_compressed, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)32U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *);); - memcpy(ret, serialized, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_portable_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re.coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } static void decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t(Eurydice_array_to_subslice_from((size_t)1568U, - ciphertext, - (size_t)1408U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)3168U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1536U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1568U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___4size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1600U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t(uu____7, - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[3U], - uint8_t ret[1152U] -) -{ - uint8_t out[1152U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)1152U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[3U], - Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) -{ - uint8_t public_key_serialized[1184U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[3U]; - memcpy(uu____1, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t(Eurydice_array_to_subslice_to((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[3U]; - memcpy(uu____0, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, - public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)1184U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static void closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -typedef struct PortableHash____3size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; } -PortableHash____3size_t; +typedef struct PortableHash____3size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[3U]; +} PortableHash____3size_t; -static inline PortableHash____3size_t shake128_init_absorb___3size_t(uint8_t input[3U][34U]) -{ +static inline PortableHash____3size_t shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; - memcpy(uu____1, - state, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____3size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)3U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)3U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -static inline void -shake128_squeeze_three_blocks___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][504U]) -{ - uint8_t out[3U][504U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( - uint8_t randomness[3U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___3size_t(PortableHash____3size_t *self, uint8_t ret[3U][168U]) -{ - uint8_t out[3U][168U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___3size_t( + PortableHash____3size_t *self, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( - uint8_t randomness[3U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - size_t sampled_coefficients[3U] = { 0U }; - int16_t out[3U][272U] = { { 0U } }; + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); PortableHash____3size_t xof_state = shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t(uu____2, - sampled_coefficients, - out); } int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U][3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0(A_transpose[i]);); - KRML_MAYBE_FOR3(i0, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[3U][34U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U] - )); + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - fst[3U]; + fst[3U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) -{ - uint8_t out[3U][128U] = { { 0U } }; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)3U * sizeof (uint8_t [128U])); +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[3U]; - memcpy(uu____2, - re_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static K___uint8_t_1152size_t__uint8_t_1184size_t_ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[3U][3U]; + A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[3U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_as_ntt[3U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____4[3U]; - memcpy(uu____4, - t_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[3U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) -{ - uint8_t out[2400U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)2400U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t(uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[3U]; - memcpy(uu____2, - error_1, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t0(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t0(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)7U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); } static inline void compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [3U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, - message, - result); + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + error_2, message, result); return result; } static inline void compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - compress___10int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[320U] -) -{ - uint8_t serialized[320U] = { 0U }; - for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - coefficient = - compress___11int32_t0(to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector(re->coefficients[i0])); + libcrux_ml_kem_vector_portable_PortableVector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11(coefficient, - bytes); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)320U, - serialized, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, - void *); + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[320U] -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re, + uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t(re, - uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); + compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - input[3U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re, - Eurydice_slice out -) -{ - compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, out); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, + out); } static void encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t(Eurydice_slice_subslice_to(public_key, - (size_t)1152U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[3U][3U]; + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - r_as_ntt[3U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[3U]; - memcpy(error_1, - uu____3.fst, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___3size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[3U]; - memcpy(uu____5, - u, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___3size_t(Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector(serialized); + deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( + serialized); return uu____0; } static inline void ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re, (size_t)4U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); @@ -6683,2176 +6038,1675 @@ ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(u_bytes); + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - Eurydice_slice serialized -) -{ + Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector(serialized); + deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( + serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t1(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t1(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)3U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR3(i, - (size_t)0U, - (size_t)3U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); return result; } static void decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)1152U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)1184U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___3size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[2U], - uint8_t ret[768U] -) -{ - uint8_t out[768U] = { 0U }; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = key[i0]; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)768U, - out, - ( - (core_ops_range_Range__size_t){ + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } - memcpy(ret, out, (size_t)768U * sizeof (uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U], - Eurydice_slice seed_for_a, - uint8_t ret[800U] -) -{ - uint8_t public_key_serialized[800U] = { 0U }; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)800U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)768U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[2U]; - memcpy(uu____1, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t(uu____1, - ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)800U, - public_key_serialized, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - seed_for_a, - uint8_t, - void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof (uint8_t)); -} - -bool -libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - uint8_t *public_key -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(Eurydice_array_to_subslice_to((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[2U]; - memcpy(uu____0, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(uu____0, - Eurydice_array_to_subslice_from((size_t)800U, - public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - public_key_serialized); - return - core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq((size_t)800U, - public_key, - public_key_serialized, - uint8_t, - uint8_t, - bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) -{ - uint8_t digest[64U] = { 0U }; - libcrux_sha3_portable_sha512(Eurydice_array_to_slice((size_t)64U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof (uint8_t)); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static void closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -typedef struct PortableHash____2size_t_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; } -PortableHash____2size_t; +typedef struct PortableHash____2size_t_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t shake128_state[2U]; +} PortableHash____2size_t; -static inline PortableHash____2size_t shake128_init_absorb___2size_t(uint8_t input[2U][34U]) -{ +static inline PortableHash____2size_t shake128_init_absorb___2size_t( + uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &state[i0]; - libcrux_sha3_portable_incremental_shake128_absorb_final(uu____0, - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + state[i] = libcrux_sha3_portable_incremental_shake128_init();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &state[i0]; + libcrux_sha3_portable_incremental_shake128_absorb_final( + uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; - memcpy(uu____1, - state, - (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + uu____1, state, + (size_t)2U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____2size_t lit; - memcpy(lit.shake128_state, - uu____1, - (size_t)2U * sizeof (libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); + memcpy( + lit.shake128_state, uu____1, + (size_t)2U * + sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; } -static inline void -shake128_squeeze_three_blocks___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][504U]) -{ - uint8_t out[2U][504U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(uu____0, - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [504U])); +static inline void shake128_squeeze_three_blocks___2size_t( + PortableHash____2size_t *self, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( - uint8_t randomness[2U][504U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)504U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } -static inline void -shake128_squeeze_block___2size_t(PortableHash____2size_t *self, uint8_t ret[2U][168U]) -{ - uint8_t out[2U][168U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - *uu____0 = &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block(uu____0, - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [168U])); +static inline void shake128_squeeze_block___2size_t( + PortableHash____2size_t *self, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = + &self->shake128_state[i0]; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } static inline bool sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( - uint8_t randomness[2U][168U], - size_t *sampled_coefficients, - int16_t (*out)[272U] -) -{ - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) - { - size_t r = i; - if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)168U, - randomness[i1], - ( - (core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - size_t - sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample(uu____0, - Eurydice_array_to_subslice((size_t)272U, - out[i1], - ( - (core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U - } - ), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - }); + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); bool done = true; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) - { - sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } - else - { - done = false; - }); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); return done; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( - int16_t s[272U] -) -{ - return - from_i16_array__libcrux_ml_kem_vector_portable_PortableVector(Eurydice_array_to_subslice((size_t)272U, - s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U }), - int16_t, - core_ops_range_Range__size_t, - Eurydice_slice)); + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); } static inline void sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - size_t sampled_coefficients[2U] = { 0U }; - int16_t out[2U][272U] = { { 0U } }; + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof (uint8_t [34U])); + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); PortableHash____2size_t xof_state = shake128_init_absorb___2size_t(uu____0); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof (uint8_t [504U])); - bool - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t(uu____1, - sampled_coefficients, - out); - while (true) - { - if (!!done) - { + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( + uu____2, sampled_coefficients, out); } - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof (uint8_t [168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t(uu____2, - sampled_coefficients, - out); } int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof (int16_t [272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret0[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1(uu____3[i]);); - memcpy(ret, - ret0, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline void sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - uint8_t seed[34U], - bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U][2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0(A_transpose[i]);); - KRML_MAYBE_FOR2(i0, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof (uint8_t)); - uint8_t seeds[2U][34U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof (uint8_t [34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(uu____1, - sampled); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { - size_t j = i; + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - sample = sampled[j]; - if (transpose) - { - A_transpose[j][i1] = sample; - } - else - { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, - A_transpose, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U] - )); + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U])); } typedef struct -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s -{ + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - fst[2U]; + fst[2U]; uint8_t snd; -} -__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) -{ - uint8_t out[2U][192U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [192U])); +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - Eurydice_slice randomness -) -{ + Eurydice_slice randomness) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0; + uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector(randomness); + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( + randomness); return uu____0; } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t(Eurydice_array_to_slice((size_t)192U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[2U]; - memcpy(uu____2, - re_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *rhs -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, - self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), + libcrux_ml_kem_vector_portable_PortableVector, size_t); + i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add(self->coefficients[i0], - &rhs->coefficients[i0]); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = matrix_A[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *matrix_element = &row[j]; + *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(matrix_element, - &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], - &error_as_ntt[i1]); + add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_as_ntt[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static K___uint8_t_768size_t__uint8_t_800size_t_ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed -) -{ + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - (size_t)32U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[2U][2U]; + A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret, - true, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____1, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - memcpy(secret_as_ntt, - uu____2.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_as_ntt[2U]; - memcpy(error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____3, - domain_separator).fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t(A_transpose, - secret_as_ntt, - error_as_ntt, - t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____4[2U]; - memcpy(uu____4, - t_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t(uu____4, - seed_for_A, - public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[2U]; - memcpy(uu____5, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t(uu____5, - secret_key_serialized); + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + uu____5, secret_key_serialized); uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; } -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_sha256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - Eurydice_slice private_key, - Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, - uint8_t ret[1632U] -) -{ - uint8_t out[1632U] = { 0U }; + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - private_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - public_key, - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)1632U, - out, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1632U, - uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t, size_t) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - implicit_rejection_value, - uint8_t, - void *); - memcpy(ret, out, (size_t)1632U * sizeof (uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U] -) -{ - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t, - Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ - uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t(ind_cpa_keypair_randomness); + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof (uint8_t)); - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t(uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), - implicit_rejection_value, - secret_key_serialized); + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t - private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t(uu____2); + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof (uint8_t)); - return - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t(uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t(uu____4)); + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(public_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - ring_element = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector(ring_element); + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); deserialized_pk[i0] = uu____0; } - memcpy(ret, - deserialized_pk, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - void -) -{ + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) -{ - uint8_t out[2U][128U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256(uu____0, - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, Eurydice_slice));); - memcpy(ret, out, (size_t)2U * sizeof (uint8_t [128U])); +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], + uint8_t, Eurydice_slice); + libcrux_sha3_portable_shake256( + uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - uint8_t prf_input[33U], - uint8_t domain_separator -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof (uint8_t));); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_outputs[i0], - uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____2[2U]; - memcpy(uu____2, - error_1, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t - lit; - memcpy(lit.fst, - uu____2, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); lit.snd = domain_separator; return lit; } -static inline void PRF___2size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) -{ - uint8_t digest[128U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)128U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof (uint8_t)); +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t0(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t0(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re -) -{ - size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re, - (size_t)7U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, + re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + &zeta_i, re, (size_t)7U); poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); } static inline void compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i0 = (size_t)0U; - i0 - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector [2U], - size_t); - i0++) - { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U], + size_t); + i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *row = a_as_ntt[i1]; - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - row, + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *a_element = &row[j]; + *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1], - &product); + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(&result[i1], &error_1[i1]); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + &result[i1], &error_1[i1]); } - memcpy(ret, - result, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *message -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&t_as_ntt[i0], - &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result); + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector(error_2, - message, - result); + add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + error_2, message, result); return result; } static void compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - input[2U], - Eurydice_slice out -) -{ - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)2U, - input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, - size_t); - i++) - { + size_t); + i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = input[i0]; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out, - ( - (core_ops_range_Range__size_t){ + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t(&re, - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static void encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[768U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(Eurydice_slice_subslice_to(public_key, - (size_t)768U, - uint8_t, - size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice - seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[2U][2U]; + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t(ret0, - false, - A_transpose); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t(uu____0, - 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - r_as_ntt[2U]; - memcpy(r_as_ntt, - uu____1.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t(uu____2, - domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_1[2U]; - memcpy(error_1, - uu____3.fst, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___2size_t_128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t, - Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t(A_transpose, - r_as_ntt, - error_1, - u); + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof (uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = { 0U }; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[2U]; - memcpy(uu____5, - u, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t(uu____5, - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t(uu____6, - Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof (uint8_t)); + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U] -) -{ + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - size_t, - Eurydice_slice); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); uint8_t ret[32U]; - H___2size_t(Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t(public_key), - uint8_t, - Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = { 0U }; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_slice((size_t)32U, - shared_secret_array, - uint8_t, - Eurydice_slice), - shared_secret, - uint8_t, - void *); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof (uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t - uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t(uu____4); + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)768U, - ciphertext, - uint8_t, - Eurydice_slice), - uint8_t, - size_t) - / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); - i++) - { + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { size_t i0 = i; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)768U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i0 - * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(u_bytes); + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t(&u_as_ntt[i0]); + ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + &u_as_ntt[i0]); } - memcpy(ret, - u_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t1(void) -{ +closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t1(void) { return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); } static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for - (size_t - i = (size_t)0U; - i - < - core_slice___Slice_T___len(secret_key, - uint8_t, - size_t) - / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) - { + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 - * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector(secret_bytes); + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + secret_bytes); secret_as_ntt[i0] = uu____0; } - memcpy(ret, - secret_as_ntt, - (size_t)2U - * - sizeof ( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - )); + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *u_as_ntt -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = - ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector(&secret_as_ntt[i0], - &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&result); - result = subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); return result; } static void decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) -{ - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t(ciphertext, - u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = - deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t(Eurydice_array_to_subslice_from((size_t)768U, - ciphertext, - (size_t)640U, - uint8_t, - size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t(secret_key, - secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t(&v, - secret_as_ntt, - u_as_ntt); + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) -{ - uint8_t digest[32U] = { 0U }; - libcrux_sha3_portable_shake256(Eurydice_array_to_slice((size_t)32U, - digest, - uint8_t, - Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof (uint8_t)); -} - -void -libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U] -) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)1632U, - private_key->value, - uint8_t, - Eurydice_slice), - (size_t)768U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(secret_key0, - (size_t)800U, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key, - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext->value, - decrypted); + decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - uint8_t, - Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice), - ind_cpa_public_key_hash, - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___2size_t(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, - hashed, - uint8_t, - Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)800U, - to_hash, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, - size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext), - uint8_t, - void *); + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t(ciphertext); - uint8_t - selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t(uu____7, - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); + encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - selector, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } - diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 665a98126..02b989972 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H @@ -12,403 +12,303 @@ extern "C" { #endif -#include "libcrux_sha3_internal.h" -#include "libcrux_sha3.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_internal.h" #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS ((int16_t)1353) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ + ((int16_t)1353) + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R (62209U) +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; -typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { int16_t elements[16U]; } -libcrux_ml_kem_vector_portable_PortableVector; +typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_PortableVector; libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( - void -); + void); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( - Eurydice_slice array -); + Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -); +libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -); + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -); +libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs -); + libcrux_ml_kem_vector_portable_PortableVector lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329(libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_cond_subtract_3329( + libcrux_ml_kem_vector_portable_PortableVector v); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v -); + libcrux_ml_kem_vector_portable_PortableVector v); #define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) #define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R \ + ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce(libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_barrett_reduce( + libcrux_ml_kem_vector_portable_PortableVector v); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v -); + libcrux_ml_kem_vector_portable_PortableVector v); #define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, int16_t fer); +int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, + int16_t fer); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t c -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t r -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t r); uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_compress_1(libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_compress_1( + libcrux_ml_kem_vector_portable_PortableVector v); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v -); + libcrux_ml_kem_vector_portable_PortableVector v); -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, uint32_t value); +uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, + uint32_t value); -int16_t -libcrux_ml_kem_vector_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); +int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, + int16_t zeta1); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta0, - int16_t zeta1 -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, + int16_t zeta1); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, - int16_t zeta -); + libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, - int16_t zeta -); + libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); -typedef struct K___int16_t_int16_t_s -{ +typedef struct K___int16_t_int16_t_s { int16_t fst; int16_t snd; -} -K___int16_t_int16_t; +} K___int16_t_int16_t; -K___int16_t_int16_t -libcrux_ml_kem_vector_ntt_multiply_binomials( - K___int16_t_int16_t _, - K___int16_t_int16_t _0, - int16_t zeta -); +K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( + K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3 -); - -void -libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[2U] -); - -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[2U] -); + libcrux_ml_kem_vector_portable_PortableVector *lhs, + libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_serialize_1( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]); + +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[8U] -); +void libcrux_ml_kem_vector_serialize_4( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[8U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[10U] -); +void libcrux_ml_kem_vector_serialize_5( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[10U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[20U] -); +void libcrux_ml_kem_vector_serialize_10( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[20U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector_serialize_11( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[22U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( - Eurydice_slice a -); + Eurydice_slice a); -void -libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, - uint8_t ret[24U] -); +void libcrux_ml_kem_vector_serialize_12( + libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]); -void -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, - uint8_t ret[24U] -); +void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( - Eurydice_slice a -); + Eurydice_slice a); -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, Eurydice_slice result); +size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, + Eurydice_slice result); size_t libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( - Eurydice_slice a, - Eurydice_slice out -); + Eurydice_slice a, Eurydice_slice out); libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self -); + libcrux_ml_kem_vector_portable_PortableVector *self); typedef struct -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s -{ libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; } -libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s { + libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_platform.c b/libcrux-ml-kem/c/libcrux_platform.c index b1f487d73..d3ad8da95 100644 --- a/libcrux-ml-kem/c/libcrux_platform.c +++ b/libcrux-ml-kem/c/libcrux_platform.c @@ -2,6 +2,11 @@ #include +bool libcrux_platform_platform_simd128_support(void) { + // TODO: query cpuid and cache the results!! + return true; +} + bool libcrux_platform_platform_simd256_support(void) { // TODO: query cpuid and cache the results!! return true; diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 7a55e8bf5..ef41683e2 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index d7cdba78b..36ca19e89 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_H @@ -12,101 +12,97 @@ extern "C" { #endif -#include "libcrux_sha3_internal.h" -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" -static inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); } -static inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); } -static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); } -static inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); } -static inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); } -static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) -{ - uint8_t out[28U] = { 0U }; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); +static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) -{ - uint8_t out[32U] = { 0U }; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); +static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) -{ - uint8_t out[48U] = { 0U }; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); +static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) -{ +static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); +static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -static inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; +static inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d7a2ff7c5..5df798795 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,123 +1,2028 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -inline void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -libcrux_sha3_avx2_x4_incremental_shake128_init(void) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); +static inline core_core_arch_x86___m256i zero(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -inline void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); +static inline core_core_arch_x86___m256i _veor5q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)1, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vrax1q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i rotate_left1_and_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i _vbcaxq_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i and_not_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64( + core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant( + core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + a[1U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + a[2U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = Eurydice_slice_subslice( + a[3U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +new__core_core_arch_x86___m256i_4size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)41, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)23, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)18, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)10, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)45, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)6, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)15, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)55, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)27, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)14, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_x86___m256i uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_x86___m256i uu____0 = and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + size_t i) { + core_core_arch_x86___m256i uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_x86___m256i_4size_t(s); + pi__core_core_arch_x86___m256i_4size_t(s); + chi__core_core_arch_x86___m256i_4size_t(s); + iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = { + uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = new__core_core_arch_x86___m256i_4size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +libcrux_sha3_avx2_x4_incremental_shake128_init(void) { + return new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); } inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3) { + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___168size_t0(s->st, out); } inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); } +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + s, buf); +} diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1889ad419..28d49028b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H @@ -12,60 +12,41 @@ extern "C" { #endif +#include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" - -#include "libcrux_sha3_neon.h" #include "libcrux_core.h" -#include "eurydice_glue.h" +#include "libcrux_sha3_internal.h" -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U]; -} -libcrux_sha3_avx2_x4_incremental_KeccakState4; +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3); + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index f8ef58186..86ffaa430 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H @@ -12,35 +12,43 @@ extern "C" { #endif -#include "libcrux_core.h" #include "eurydice_glue.h" +#include "libcrux_core.h" -static const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ +static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { + 1ULL, + 32898ULL, + 9223372036854808714ULL, + 9223372039002292224ULL, + 32907ULL, + 2147483649ULL, + 9223372039002292353ULL, + 9223372036854808585ULL, + 138ULL, + 136ULL, + 2147516425ULL, + 2147483658ULL, + 2147516555ULL, + 9223372036854775947ULL, + 9223372036854808713ULL, + 9223372036854808579ULL, + 9223372036854808578ULL, + 9223372036854775936ULL, + 32778ULL, + 9223372039002259466ULL, + 9223372039002292353ULL, + 9223372036854808704ULL, + 2147483649ULL, + 9223372039002292232ULL}; + +static inline uint64_t +libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( + void) { return 0ULL; } -static inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ +static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { uint64_t ab = a ^ b; uint64_t cd = c ^ d; uint64_t abcd = ab ^ cd; @@ -49,116 +57,82 @@ libcrux_sha3_portable_keccak__veor5q_u64( static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ + uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } -static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ +static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, + uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); + return uu____0 ^ + libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); } -static inline uint64_t -libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ +static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, + uint64_t b, + uint64_t c) { return a ^ (b & ~c); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ + uint64_t a, uint64_t b, uint64_t c) { return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); } -static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ +static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, + uint64_t c) { return a ^ c; } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ + uint64_t a, uint64_t c) { return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return a ^ b; } -static inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); +static inline void libcrux_sha3_portable_keccak_slice_1( + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { + ret[0U] = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ + Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); +libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], + size_t mid) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out[0U], mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; @@ -169,103 +143,87 @@ libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ + Eurydice_slice a[1U], size_t mid) { return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s -{ uint64_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; +typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s { + uint64_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; static inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ + void) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); return lit; } -static inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -273,766 +231,601 @@ libcrux_sha3_portable_keccak_load_block___168size_t( } } -static inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); } static inline uint64_t -libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ +libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } static inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ +libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, + uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); } static inline uint64_t libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ + uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); } -static inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { +static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + uint64_t uu____1 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + uint64_t uu____2 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + uint64_t uu____3 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + uint64_t c[5U] = { uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + uint64_t uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + uint64_t uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64_t uu____6 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64_t uu____7 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64_t t[5U] = { uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + uint64_t uu____8 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); + uint64_t uu____9 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); + uint64_t uu____10 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); + uint64_t uu____11 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); + uint64_t uu____12 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); + uint64_t uu____13 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); + uint64_t uu____14 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); + uint64_t uu____15 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); + uint64_t uu____16 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); + uint64_t uu____17 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); + uint64_t uu____18 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); + uint64_t uu____19 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); + uint64_t uu____20 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); + uint64_t uu____21 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); + uint64_t uu____22 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); + uint64_t uu____23 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); + uint64_t uu____24 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); + uint64_t uu____25 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); + uint64_t uu____26 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); + uint64_t uu____27 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); + uint64_t uu____28 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); + uint64_t uu____29 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); + uint64_t uu____30 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); + uint64_t uu____31 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); + uint64_t uu____32 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } -static inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ +static inline void libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, uint64_t[5U], void *); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1059,51 +852,31 @@ libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( s->st[4U][4U] = old[4U][1U]; } -static inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ +static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { + uint64_t uu____0 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); s->st[0U][0U] = uu____0; } -static inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { +static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); @@ -1114,153 +887,118 @@ libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; - blocks[i][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; + blocks[i][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)168U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___168size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___168size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + s->st, out); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1268,28 +1006,23 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1297,151 +1030,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)168U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)168U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1451,147 +1147,112 @@ libcrux_sha3_portable_keccak_load_block___104size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; + blocks[i][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)104U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___104size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1599,58 +1260,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___104size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1658,151 +1307,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)104U, (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)104U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)104U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1812,147 +1424,112 @@ libcrux_sha3_portable_keccak_load_block___144size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; + blocks[i][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)144U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___144size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1960,58 +1537,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___144size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2019,151 +1584,114 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)144U, (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)144U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)144U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2173,147 +1701,112 @@ libcrux_sha3_portable_keccak_load_block___136size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___136size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2321,58 +1814,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___136size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2380,287 +1861,222 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( + uu____0, out); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; + blocks[i][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)136U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( + uu____0, ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)136U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)136U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( + uu____0, out); } -static inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_load_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t ret[8U]; core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2670,147 +2086,112 @@ libcrux_sha3_portable_keccak_load_block___72size_t( static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); } static inline void libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; + uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i], + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; - blocks[i][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; + blocks[i][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i][(size_t)72U - (size_t)1U] | 128U; } - uint64_t (*uu____1)[5U] = s->st; + uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); + memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } -static inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { +static inline void libcrux_sha3_portable_keccak_store_block___72size_t( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -static inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; +static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + uint64_t(*uu____0)[5U] = s; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____1, (size_t)200U * sizeof(uint8_t)); } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); + memcpy(ret, ret0, (size_t)1U * sizeof(uint8_t[200U])); } static inline void libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2818,58 +2199,46 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ + uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___72size_t(a, b); } static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + s->st, out); } static inline void libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, + Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2877,122 +2246,96 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( core_ops_range_Range__size_t lit; lit.start = (size_t)0U; lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); } } static inline void libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s = + libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____1, i0 * (size_t)72U, (size_t)72U, ret); + libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, + ret); } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( + uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + out, (size_t)72U); Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); + } else { + K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = + libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + o1, (size_t)72U); Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, + o1); } } } -static inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ +static inline void libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( + uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a0b803a00..b9aa5c77b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,3689 +1,187 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) -{ - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e -) -{ - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c -) -{ - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c -) -{ - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) -{ - core_core_arch_arm_shared_neon_uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_constant(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) -{ - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor0(core_core_arch_arm_shared_neon_uint64x2_t a, core_core_arch_arm_shared_neon_uint64x2_t b) -{ - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static inline void -slice_2(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void -slice_n(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_2(Eurydice_slice out[2U], size_t mid) -{ - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out0, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at_mut(out1, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_n(Eurydice_slice a[2U], size_t mid) -{ - return split_at_mut_2(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void -load_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)72U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, - x, - core_core_arch_arm_shared_neon_uint64x2_t); - return - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, - x, - core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - core_core_arch_arm_shared_neon_uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b -) -{ - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void -theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); - core_core_arch_arm_shared_neon_uint64x2_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - core_core_arch_arm_shared_neon_uint64x2_t - uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t - uu____9 = xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t - uu____10 = xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t - uu____11 = xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t - uu____12 = xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t - uu____13 = xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t - uu____14 = xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t - uu____15 = xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t - uu____16 = xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t - uu____17 = xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t - uu____18 = xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t - uu____19 = xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t - uu____20 = xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t - uu____21 = xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t - uu____22 = xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t - uu____23 = xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t - uu____24 = xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t - uu____25 = xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t - uu____26 = xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t - uu____27 = xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_arm_shared_neon_uint64x2_t - uu____28 = xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_arm_shared_neon_uint64x2_t - uu____29 = xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_arm_shared_neon_uint64x2_t - uu____30 = xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_arm_shared_neon_uint64x2_t - uu____31 = xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_arm_shared_neon_uint64x2_t - uu____32 = xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void -pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_arm_shared_neon_uint64x2_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void -chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_arm_shared_neon_uint64x2_t [5U])); - KRML_MAYBE_FOR5(i0, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t i1 = i0; - KRML_MAYBE_FOR5(i, - (size_t)0U, - (size_t)5U, - (size_t)1U, - size_t j = i; - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = - and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void -iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - size_t i -) -{ - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void -keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); - } -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___72size_t(uu____0, buf); -} - -static inline void -load_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___72size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)72U - (size_t)8U, .end = (size_t)72U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___72size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___72size_t0(s->st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___72size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___72size_t0(s.st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t(s, o1); - } - } -} - -static inline void -keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - uint8_t dummy[64U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice) }; - keccakx2___72size_t_6uint8_t(uu____0, buf); -} - -static inline void -load_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)136U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___136size_t(uu____0, buf); -} - -static inline void -load_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)136U - (size_t)8U, .end = (size_t)136U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___136size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, o1); - } - } -} - -static inline void -keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t(uu____0, out); -} - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - uint8_t dummy[32U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice) }; - keccakx2___136size_t_6uint8_t(uu____0, buf); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t(s, o1); - } - } -} - -static inline void -keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t(uu____0, out); -} - -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Eurydice_slice buf0[2U] = { input0, input1 }; - Eurydice_slice buf[2U] = { out0, out1 }; - keccakx2___136size_t_31uint8_t(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -KeccakState2; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -libcrux_sha3_neon_x2_incremental_shake128_init(void) -{ - return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); -} - -static inline void -load_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)168U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block_full___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___168size_t(uu____0, buf); -} - -static inline void -load_block_full___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice data0, - Eurydice_slice data1 -) -{ - Eurydice_slice buf[2U] = { data0, data1 }; - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t(s, buf); -} - -static inline void -store_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)168U - (size_t)8U, .end = (size_t)168U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___168size_t0(s->st, out); -} - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Eurydice_slice buf[2U] = { out0, out1 }; - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___168size_t0(s->st, out); -} - -static inline void -squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____0 = split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____1 = split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, o2); -} - -void +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Eurydice_slice buf[2U] = { out0, out1 }; - squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t(s, - buf); -} - -static inline void -load_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)144U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___144size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___144size_t(uu____0, buf); -} - -static inline void -load_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___144size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)144U - (size_t)8U, .end = (size_t)144U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___144size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___144size_t0(s->st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___144size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___144size_t0(s.st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t(s, o1); - } - } -} - -static inline void -keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - uint8_t dummy[28U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice) }; - keccakx2___144size_t_6uint8_t(uu____0, buf); -} - -static inline void -load_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____0 = s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____1 = - libcrux_intrinsics_arm64__veorq_u64(uu____0, - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t - uu____2 = - s[((size_t)2U * i0 + (size_t)1U) - / (size_t)5U][((size_t)2U * i0 + (size_t)1U) - % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t - uu____3 = - libcrux_intrinsics_arm64__veorq_u64(uu____2, - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - uu____3; - } - if ((size_t)104U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = { 0U }; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2(&dst0, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst0, - ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t - uvec = - libcrux_intrinsics_arm64__vld1q_u64(Eurydice_array_to_slice((size_t)2U, - u, - uint64_t, - Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t - uu____6 = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void -load_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof (Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice blocks[2U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof (Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -load_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = - { uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice) }; - load_block___104size_t(uu____0, buf); -} - -static inline void -load_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t b[2U][200U] -) -{ - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice last[2U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = { { 0U } }; - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t (*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof (uint8_t [200U])); - load_block_full___104size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -store_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) - { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t - v0 = - libcrux_intrinsics_arm64__vtrn1q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t - v1 = - libcrux_intrinsics_arm64__vtrn2q_u64(s[(size_t)2U - * i0 - / (size_t)5U][(size_t)2U - * i0 - % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U][((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) - { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = { 0U }; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = (size_t)104U - (size_t)8U, .end = (size_t)104U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)16U, - u, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -static inline void -store_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - core_core_arch_arm_shared_neon_uint64x2_t (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice) }; - store_block___104size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof (uint8_t)); -} - -static inline void -store_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - uint8_t ret[2U][200U] -) -{ - uint8_t ret0[2U][200U]; - store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof (uint8_t [200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - uint8_t b[2U][200U]; - store_block_full___104size_t0(s->st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -store_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], - Eurydice_slice b[2U] -) -{ - store_block___104size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - store_block___104size_t0(s->st, out); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t s, - Eurydice_slice out[2U] -) -{ - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___104size_t0(s.st, b); - KRML_MAYBE_FOR2(i, - (size_t)0U, - (size_t)2U, - (size_t)1U, - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], - Eurydice_slice out[2U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof (Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof (Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t(s, o1); - } - } -} - -static inline void -keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], Eurydice_slice out[2U]) -{ - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof (Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - uint8_t dummy[48U] = { 0U }; - Eurydice_slice uu____0[2U] = { data, data }; - Eurydice_slice uu____1 = digest; - Eurydice_slice - buf[2U] = { uu____1, Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice) }; - keccakx2___104size_t_6uint8_t(uu____0, buf); -} - diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 921691e48..0861469fa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc - F* version: b5cb71b8 - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H @@ -12,52 +12,36 @@ extern "C" { #endif +#include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" - -#include "libcrux_sha3_internal.h" #include "libcrux_core.h" -#include "eurydice_glue.h" - -typedef struct -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s -{ core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; +#include "libcrux_sha3_internal.h" void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -); +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1); + +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState2; -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice data0, - Eurydice_slice data1 -); +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1); -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out0, - Eurydice_slice out1 -); +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t *s, - Eurydice_slice out0, - Eurydice_slice out1 -); +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); From 3be01512d9a9f96a0caa591ddc8f8569342db07c Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 16:36:08 -0700 Subject: [PATCH 15/74] Don't return when in a void function --- libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index 099dfb82e..d7ebcbe67 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -118,22 +118,22 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { - return _mm_storeu_si128((__m128i*)a.ptr, b); + _mm_storeu_si128((__m128i*)a.ptr, b); } static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_slice a, core_core_arch_x86___m256i b) { - return _mm256_storeu_si256((__m256i*)a.ptr, b); + _mm256_storeu_si256((__m256i*)a.ptr, b); } static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice a, core_core_arch_x86___m256i b) { - return _mm256_storeu_si256((__m256i*)a.ptr, b); + _mm256_storeu_si256((__m256i*)a.ptr, b); } static inline void libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { - return _mm_storeu_si128((__m128i*)a.ptr, b); + _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub From 603b3d8288044edbaf5221813473b65cb8dc155a Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Wed, 5 Jun 2024 16:36:20 -0700 Subject: [PATCH 16/74] Refresh with upcoming type alias change --- libcrux-ml-kem/c/eurydice_glue.h | 8 +++++++ libcrux-ml-kem/c/internal/libcrux_core.h | 12 +++++----- .../c/internal/libcrux_mlkem_avx2.h | 10 ++++----- .../c/internal/libcrux_mlkem_portable.h | 10 ++++----- .../c/internal/libcrux_sha3_internal.h | 8 +++++++ libcrux-ml-kem/c/libcrux_core.c | 22 +++++++++---------- libcrux-ml-kem/c/libcrux_core.h | 20 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem1024.c | 10 ++++----- libcrux-ml-kem/c/libcrux_mlkem1024.h | 16 +++++++++----- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem512.h | 12 ++++++++++ libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 9 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 ++++----- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 9 ++++---- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 ++++----- libcrux-ml-kem/c/libcrux_mlkem768.c | 12 +++++----- libcrux-ml-kem/c/libcrux_mlkem768.h | 16 +++++++++----- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 5 ++--- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 13 +++++------ libcrux-ml-kem/c/libcrux_mlkem_portable.c | 13 +++++------ 26 files changed, 136 insertions(+), 122 deletions(-) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index bd794c456..ef21a5003 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -10,6 +10,10 @@ extern "C" { #include #include +#ifdef _MSC_VER +#include +#endif + #include "krml/internal/target.h" #include "krml/lowstar_endianness.h" @@ -124,7 +128,11 @@ core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { } static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { +#ifdef _MSC_VER + return __popcnt(x0); +#else return __builtin_popcount(x0); +#endif } // unsigned overflow wraparound semantics in C diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index d449e80ba..5ca28c79c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -48,7 +48,7 @@ libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uint8_t value[1568U]); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk); @@ -62,7 +62,7 @@ typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { uint8_t snd[1568U]; } K___uint8_t_1536size_t__uint8_t_1568size_t_; -libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uint8_t value[1568U]); @@ -76,7 +76,7 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, uint8_t ret[1600U]); @@ -85,7 +85,7 @@ libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( uint8_t value[1184U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk); @@ -99,7 +99,7 @@ typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { uint8_t snd[1184U]; } K___uint8_t_1152size_t__uint8_t_1184size_t_; -libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uint8_t value[1088U]); @@ -113,7 +113,7 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b95276a30..4332f30ed 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -21,7 +21,7 @@ extern "C" { bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -32,13 +32,12 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -49,8 +48,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8d67ca22e..4fa834a92 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -26,7 +26,7 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -37,13 +37,12 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -54,8 +53,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 391656b64..32b53c527 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -243,6 +243,14 @@ libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from( return uu____0; } +typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; + +typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; + +typedef uint8_t libcrux_sha3_Sha3_256Digest[32U]; + +typedef uint8_t libcrux_sha3_Sha3_224Digest[28U]; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index b114068a3..6f32affcf 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -60,12 +60,11 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t){ - .sk = sk, .pk = pk}); + return ((libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____3168size_t @@ -78,12 +77,12 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } -libcrux_ml_kem_types_MlKemCiphertext____1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t lit; + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -111,7 +110,7 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *self) { + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } @@ -141,12 +140,11 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t){ - .sk = sk, .pk = pk}); + return ((libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____2400size_t @@ -159,12 +157,12 @@ libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem_ return lit; } -libcrux_ml_kem_types_MlKemCiphertext____1088size_t +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t lit; + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -192,7 +190,7 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *self) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 07f553e38..6d6e8dcac 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -51,18 +51,18 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey____3168size_t_s { uint8_t value[3168U]; } libcrux_ml_kem_types_MlKemPrivateKey____3168size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t_s { +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t; +} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1568size_t_s { +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemCiphertext____1568size_t; +} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____1568size_t fst; + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; uint8_t snd[32U]; } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_; @@ -80,18 +80,18 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey____2400size_t_s { uint8_t value[2400U]; } libcrux_ml_kem_types_MlKemPrivateKey____2400size_t; -typedef struct libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t_s { +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk; libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk; -} libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; -typedef struct libcrux_ml_kem_types_MlKemCiphertext____1088size_t_s { +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; -} libcrux_ml_kem_types_MlKemCiphertext____1088size_t; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; typedef struct K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t__s { - libcrux_ml_kem_types_MlKemCiphertext____1088size_t fst; + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; uint8_t snd[32U]; } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c index e2cad594d..75a91f769 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.c @@ -11,7 +11,7 @@ void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t uu____0[32U]; if (libcrux_platform_platform_simd256_support()) { @@ -31,7 +31,7 @@ void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536si void libcrux_ml_kem_mlkem1024_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( @@ -82,10 +82,10 @@ libcrux_ml_kem_mlkem1024_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t uu____0; + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair uu____0; if (libcrux_platform_platform_simd256_support()) { uint8_t uu____1[64U]; memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); @@ -108,7 +108,7 @@ libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168si return uu____0; } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 31fd6b6b2..622d719a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -67,6 +67,12 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) +typedef libcrux_ml_kem_types_MlKemPrivateKey____3168size_t + libcrux_ml_kem_mlkem1024_MlKem1024PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey____1568size_t + libcrux_ml_kem_mlkem1024_MlKem1024PublicKey; + #define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \ (LIBCRUX_ML_KEM_MLKEM1024_RANK_1024 * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) @@ -79,13 +85,11 @@ extern "C" { void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); void libcrux_ml_kem_mlkem1024_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( @@ -97,11 +101,11 @@ libcrux_ml_kem_mlkem1024_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 894a6e5aa..78a35d9d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -9,7 +9,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( @@ -28,7 +28,7 @@ libcrux_ml_kem_mlkem1024_avx2_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 76826f781..22172d3c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -18,15 +18,14 @@ extern "C" { void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 89def0e0e..f977e74be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -9,7 +9,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( @@ -28,7 +28,7 @@ libcrux_ml_kem_mlkem1024_portable_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 889adcd1b..5f38c1f52 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -18,15 +18,14 @@ extern "C" { void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 9e99eb873..e3a0d8f74 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -65,6 +65,18 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) +typedef libcrux_ml_kem_types_MlKemCiphertext____768size_t + libcrux_ml_kem_mlkem512_MlKem512Ciphertext; + +typedef libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t + libcrux_ml_kem_mlkem512_MlKem512KeyPair; + +typedef libcrux_ml_kem_types_MlKemPrivateKey____1632size_t + libcrux_ml_kem_mlkem512_MlKem512PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey____800size_t + libcrux_ml_kem_mlkem512_MlKem512PublicKey; + #define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 3ecf05aa4..ffdf90bad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -97,7 +97,7 @@ bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_15 public_key); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -119,7 +119,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568 void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( @@ -133,7 +133,7 @@ bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_11 public_key); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -155,8 +155,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184 void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index ef22b8ed1..034e05ffa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -52,7 +52,7 @@ libcrux_ml_kem_mlkem512_avx2_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -63,13 +63,12 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568 void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -80,8 +79,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184 void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index f19b1cfda..437161657 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -97,7 +97,7 @@ bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_ public_key); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -119,7 +119,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( @@ -133,7 +133,7 @@ bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_ public_key); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -155,8 +155,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 60635a57b..ec949dc4d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -52,7 +52,7 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -63,13 +63,12 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -80,8 +79,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c index 5e87a108d..fbcc3e1be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768.c @@ -11,8 +11,7 @@ void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t uu____0[32U]; if (libcrux_platform_platform_simd256_support()) { libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( @@ -31,8 +30,7 @@ void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152si void libcrux_ml_kem_mlkem768_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); @@ -82,10 +80,10 @@ libcrux_ml_kem_mlkem768_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t uu____0; + libcrux_ml_kem_mlkem768_MlKem768KeyPair uu____0; if (libcrux_platform_platform_simd256_support()) { uint8_t uu____1[64U]; memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); @@ -108,7 +106,7 @@ libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400si return uu____0; } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 7916e6736..566ce5499 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -65,6 +65,12 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) +typedef libcrux_ml_kem_types_MlKemPrivateKey____2400size_t + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey____1184size_t + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) @@ -77,13 +83,11 @@ extern "C" { void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); void libcrux_ml_kem_mlkem768_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( @@ -95,11 +99,11 @@ libcrux_ml_kem_mlkem768_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index cccf06957..ba858e6f0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -9,8 +9,7 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); @@ -28,7 +27,7 @@ libcrux_ml_kem_mlkem768_avx2_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index e15872cb4..2354c986e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -18,15 +18,14 @@ extern "C" { void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 0ef5f5d17..76de52009 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -9,8 +9,7 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); @@ -28,7 +27,7 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( uu____0, uu____1); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 78ac0fdb0..2e8dd612b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -18,15 +18,14 @@ extern "C" { void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 21208bcad..1f4239112 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -2811,7 +2811,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( @@ -3802,7 +3802,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); uint8_t uu____6[32U]; @@ -4420,7 +4420,7 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( @@ -5310,7 +5310,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( @@ -5821,7 +5821,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); uint8_t uu____6[32U]; @@ -6024,8 +6024,7 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 17854d7fc..c995aa8b6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -3378,7 +3378,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____3168size_t__1568size_t +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( @@ -4200,7 +4200,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1568size_t uu____5 = + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); uint8_t uu____6[32U]; @@ -4661,7 +4661,7 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1568size_t *ciphertext, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( @@ -5470,7 +5470,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( @@ -5989,7 +5989,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____1088size_t uu____5 = + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); uint8_t uu____6[32U]; @@ -6193,8 +6193,7 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____1088size_t *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, From 546349a2a5893d79d1b474a3e94217b2a342f19b Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Thu, 6 Jun 2024 11:31:39 +0200 Subject: [PATCH 17/74] fix crane warning --- flake.lock | 27 ++++----------------------- flake.nix | 1 + 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index c06ddd613..0221dd945 100644 --- a/flake.lock +++ b/flake.lock @@ -2,7 +2,9 @@ "nodes": { "charon": { "inputs": { - "crane": "crane", + "crane": [ + "crane" + ], "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nixpkgs": [ @@ -26,27 +28,6 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "charon", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", - "owner": "ipetkov", - "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -314,7 +295,7 @@ "root": { "inputs": { "charon": "charon", - "crane": "crane_2", + "crane": "crane", "eurydice": "eurydice", "flake-utils": "flake-utils_5", "fstar": [ diff --git a/flake.nix b/flake.nix index 7af9a4342..7a9aa60aa 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ charon = { url = "github:aeneasverif/charon"; inputs.nixpkgs.follows = "eurydice/nixpkgs"; + inputs.crane.follows = "crane"; }; eurydice = { url = "github:aeneasverif/eurydice"; From 4ac22dae1134fec780608cf3ef94b35d1c74339b Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Thu, 6 Jun 2024 11:33:20 +0200 Subject: [PATCH 18/74] Revert "fix crane warning" This reverts commit 546349a2a5893d79d1b474a3e94217b2a342f19b. --- flake.lock | 27 +++++++++++++++++++++++---- flake.nix | 1 - 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 0221dd945..c06ddd613 100644 --- a/flake.lock +++ b/flake.lock @@ -2,9 +2,7 @@ "nodes": { "charon": { "inputs": { - "crane": [ - "crane" - ], + "crane": "crane", "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nixpkgs": [ @@ -28,6 +26,27 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "charon", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -295,7 +314,7 @@ "root": { "inputs": { "charon": "charon", - "crane": "crane", + "crane": "crane_2", "eurydice": "eurydice", "flake-utils": "flake-utils_5", "fstar": [ diff --git a/flake.nix b/flake.nix index 7a9aa60aa..7af9a4342 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ charon = { url = "github:aeneasverif/charon"; inputs.nixpkgs.follows = "eurydice/nixpkgs"; - inputs.crane.follows = "crane"; }; eurydice = { url = "github:aeneasverif/eurydice"; From 1b3de363df8106e1ceef888b189729c19c070d7e Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Thu, 6 Jun 2024 12:01:39 +0200 Subject: [PATCH 19/74] fix linking --- flake.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 7af9a4342..117b6c0a1 100644 --- a/flake.nix +++ b/flake.nix @@ -36,8 +36,13 @@ src = ./.; cargoArtifacts = craneLib.buildDepsOnly { inherit src; }; ml-kem = craneLib.buildPackage { - inherit src cargoArtifacts; name = "ml-kem"; + inherit src cargoArtifacts; + postPatch = '' + substituteInPlace libcrux-ml-kem/c/CMakeLists.txt \ + --replace " -flto" " # -flto" \ + --replace "add_link_options(-flto)" "#add_link_options(-flto)" + ''; nativeBuildInputs = [ pkgs.clang pkgs.cmake From 256060124a95a1af2660ab58d784aa4027c1fc64 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Thu, 6 Jun 2024 12:04:57 +0200 Subject: [PATCH 20/74] nix: run tests --- flake.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 117b6c0a1..689231107 100644 --- a/flake.nix +++ b/flake.nix @@ -53,8 +53,6 @@ buildPhase = '' cd libcrux-ml-kem bash c.sh - ''; - checkPhase = '' cd c cmake \ -DFETCHCONTENT_SOURCE_DIR_GOOGLETEST=${googletest} \ @@ -62,6 +60,10 @@ -G "Ninja Multi-Config" -B build cmake --build build --config Release ''; + checkPhase = '' + build/Release/ml_kem_test + build/Release/ml_kem_bench + ''; installPhase = "cp -r . $out"; CHARON_HOME = inputs.charon.packages.${system}.default; EURYDICE_HOME = pkgs.runCommand "eurydice-home" { } '' From 7f1003053fd0d4fa1231368f6355105f871a3b44 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 6 Jun 2024 12:06:41 +0200 Subject: [PATCH 21/74] attempt at separation extracing everywhere doesn't work because of types are extracted to C and fail there. We have a portable and avx2 version now in C. Portable fails all tests --- libcrux-intrinsics/src/arm64_extract.rs | 348 ++++ libcrux-intrinsics/src/avx2.rs | 137 +- libcrux-intrinsics/src/avx2_extract.rs | 334 ++++ libcrux-intrinsics/src/lib.rs | 12 + libcrux-ml-kem/c/CMakeLists.txt | 60 +- libcrux-ml-kem/c/benches/mlkem768.cc | 17 +- libcrux-ml-kem/c/benches/mlkem768_encaps.cc | 7 +- libcrux-ml-kem/c/benches/mlkem768_keygen.cc | 5 +- libcrux-ml-kem/c/internal/libcrux_core.h | 6 +- .../c/internal/libcrux_mlkem_avx2.h | 38 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 6 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.c | 154 -- libcrux-ml-kem/c/libcrux_mlkem1024.h | 41 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.c | 153 -- libcrux-ml-kem/c/libcrux_mlkem512.h | 43 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.c | 152 -- libcrux-ml-kem/c/libcrux_mlkem768.h | 41 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1766 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_platform.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- libcrux-ml-kem/c/tests/mlkem768.cc | 103 +- libcrux-ml-kem/c/tests/sha3.cc | 25 - libcrux-ml-kem/src/ind_cca/multiplexing.rs | 163 +- libcrux-ml-kem/src/mlkem1024.rs | 8 +- libcrux-ml-kem/src/mlkem512.rs | 4 + libcrux-ml-kem/src/mlkem768.rs | 4 + libcrux-ml-kem/src/vector.rs | 3 - libcrux-sha3/src/lib.rs | 20 +- libcrux-sha3/src/simd/avx2.rs | 27 +- 53 files changed, 1984 insertions(+), 1939 deletions(-) create mode 100644 libcrux-intrinsics/src/arm64_extract.rs create mode 100644 libcrux-intrinsics/src/avx2_extract.rs delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768.c diff --git a/libcrux-intrinsics/src/arm64_extract.rs b/libcrux-intrinsics/src/arm64_extract.rs new file mode 100644 index 000000000..13bb20d73 --- /dev/null +++ b/libcrux-intrinsics/src/arm64_extract.rs @@ -0,0 +1,348 @@ +//! This file does not contain correct function signatures! +//! Replace with a hand-written file after extraction. + +#![allow(non_camel_case_types, unsafe_code, unused_variables)] + +pub type _int16x8_t = u8; +pub type _uint32x4_t = u8; +pub type _uint64x2_t = u8; + +#[inline(always)] +pub fn _vdupq_n_s16(i: i16) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vdupq_n_u64(i: u64) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { + unimplemented!() +} + +#[inline(always)] +pub fn _vld1q_s16(array: &[i16]) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vld1q_bytes_u64(array: &[int16x8_t]) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vld1q_u64(array: &[u64]) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vst1q_u64(out: &mut [u64], v: _uint64x2_t) { + unimplemented!() +} + +#[inline(always)] +pub fn _vst1q_bytes_u64(out: &mut [int16x8_t], v: _uint64x2_t) { + unimplemented!() +} + +#[inline(always)] +pub fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vsubq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vmulq_n_s16(v: int16x8_t, c: i16) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vmulq_n_u16(v: uu8, c: u16) -> uu8 { + unimplemented!() +} + +#[inline(always)] +pub fn _vshrq_n_s16(v: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vshrq_n_u16(v: uu8) -> uu8 { + unimplemented!() +} + +#[inline(always)] +pub fn _vshrq_n_u64(v: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vshlq_n_u64(v: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vshlq_n_u32(v: _uint32x4_t) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vqdmulhq_n_s16(k: int16x8_t, b: i16) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vqdmulhq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vbicq_u64(a: _uint64x2_t, b: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vreinterpretq_s16_u16(m0: uu8) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { + unimplemented!() +} + +#[inline(always)] +pub fn _veorq_u64(mask: _uint64x2_t, shifted: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vdupq_n_u32(value: u32) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vaddq_u32(compressed: _uint32x4_t, half: _uint32x4_t) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s32_u32(compressed: _uint32x4_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vqdmulhq_n_s32(a: int32x4_t, b: i32) -> int32x4_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vreinterpretq_u32_s32(a: int32x4_t) -> _uint32x4_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vshrq_n_u32(a: _uint32x4_t) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vandq_u32(a: _uint32x4_t, b: _uint32x4_t) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_u32_s16(a: int16x8_t) -> _uint32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s16_u32(a: _uint32x4_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vtrn1q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vtrn2q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vmulq_n_u32(a: _uint32x4_t, b: u32) -> _uint32x4_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vtrn1q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s16_s32(a: int32x4_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s32_s16(a: int16x8_t) -> int32x4_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vtrn1q_u64(a: _uint64x2_t, b: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { + unimplemented!() +} +#[inline(always)] +pub fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vtrn2q_u64(a: _uint64x2_t, b: _uint64x2_t) -> _uint64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vget_low_s16(a: int16x8_t) -> int16x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vmull_high_s16(a: int16x8_t, b: int16x8_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vmlal_s16(a: int32x4_t, b: int16x4_t, c: int16x4_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vmlal_high_s16(a: int32x4_t, b: int16x8_t, c: int16x8_t) -> int32x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vld1q_u8(ptr: &[int16x8_t]) -> uint8x16_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { + unimplemented!() +} +#[inline(always)] +pub fn _vqtbl1q_u8(t: uint8x16_t, idx: uint8x16_t) -> uint8x16_t { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_s16_u8(a: uint8x16_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vshlq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { + unimplemented!() +} +#[inline(always)] +pub fn _vshlq_u16(a: uu8, b: int16x8_t) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vaddv_u16(a: uint16x4_t) -> u16 { + unimplemented!() +} +#[inline(always)] +pub fn _vget_low_u16(a: uu8) -> uint16x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vget_high_u16(a: uu8) -> uint16x4_t { + unimplemented!() +} +#[inline(always)] +pub fn _vaddvq_s16(a: int16x8_t) -> i16 { + unimplemented!() +} + +#[inline(always)] +pub fn _vsliq_n_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vreinterpretq_s64_s32(a: int32x4_t) -> int64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vsliq_n_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { + unimplemented!() +} + +#[inline(always)] +pub fn _vst1q_u8(out: &mut [int16x8_t], v: uint8x16_t) { + unimplemented!() +} +#[inline(always)] +pub fn _vdupq_n_u16(value: u16) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vandq_u16(a: uu8, b: uu8) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vld1q_u16(ptr: &[u16]) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uu8 { + unimplemented!() +} +#[inline(always)] +pub fn _vaddvq_u16(a: uu8) -> u16 { + unimplemented!() +} diff --git a/libcrux-intrinsics/src/avx2.rs b/libcrux-intrinsics/src/avx2.rs index 4d2b81e1e..966654c97 100644 --- a/libcrux-intrinsics/src/avx2.rs +++ b/libcrux-intrinsics/src/avx2.rs @@ -6,49 +6,49 @@ pub use core::arch::x86_64::*; pub type Vec256 = __m256i; pub type Vec128 = __m128i; -pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: __m256i) { +pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { debug_assert_eq!(output.len(), 16); unsafe { - _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, vector); + _mm256_storeu_si256(output.as_mut_ptr() as *mut Vec256, vector); } } -pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: __m256i) { +pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: Vec256) { debug_assert_eq!(output.len(), 32); unsafe { - _mm256_storeu_si256(output.as_mut_ptr() as *mut __m256i, vector); + _mm256_storeu_si256(output.as_mut_ptr() as *mut Vec256, vector); } } -pub fn mm_storeu_si128(output: &mut [i16], vector: __m128i) { +pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { // debug_assert_eq!(output.len(), 8); unsafe { - _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); + _mm_storeu_si128(output.as_mut_ptr() as *mut Vec128, vector); } } -pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: __m128i) { +pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { debug_assert_eq!(output.len(), 16); unsafe { - _mm_storeu_si128(output.as_mut_ptr() as *mut __m128i, vector); + _mm_storeu_si128(output.as_mut_ptr() as *mut Vec128, vector); } } -pub fn mm_loadu_si128(input: &[u8]) -> __m128i { +pub fn mm_loadu_si128(input: &[u8]) -> Vec128 { debug_assert_eq!(input.len(), 16); - unsafe { _mm_loadu_si128(input.as_ptr() as *const __m128i) } + unsafe { _mm_loadu_si128(input.as_ptr() as *const Vec128) } } -pub fn mm256_loadu_si256_u8(input: &[u8]) -> __m256i { +pub fn mm256_loadu_si256_u8(input: &[u8]) -> Vec256 { debug_assert_eq!(input.len(), 32); - unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } + unsafe { _mm256_loadu_si256(input.as_ptr() as *const Vec256) } } -pub fn mm256_loadu_si256_i16(input: &[i16]) -> __m256i { +pub fn mm256_loadu_si256_i16(input: &[i16]) -> Vec256 { debug_assert_eq!(input.len(), 16); - unsafe { _mm256_loadu_si256(input.as_ptr() as *const __m256i) } + unsafe { _mm256_loadu_si256(input.as_ptr() as *const Vec256) } } -pub fn mm256_setzero_si256() -> __m256i { +pub fn mm256_setzero_si256() -> Vec256 { unsafe { _mm256_setzero_si256() } } @@ -69,7 +69,7 @@ pub fn mm_set_epi8( byte2: u8, byte1: u8, byte0: u8, -) -> __m128i { +) -> Vec128 { unsafe { _mm_set_epi8( byte15 as i8, @@ -125,7 +125,7 @@ pub fn mm256_set_epi8( byte2: i8, byte1: i8, byte0: i8, -) -> __m256i { +) -> Vec256 { unsafe { _mm256_set_epi8( byte31, byte30, byte29, byte28, byte27, byte26, byte25, byte24, byte23, byte22, byte21, @@ -135,7 +135,7 @@ pub fn mm256_set_epi8( } } -pub fn mm256_set1_epi16(constant: i16) -> __m256i { +pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unsafe { _mm256_set1_epi16(constant) } } pub fn mm256_set_epi16( @@ -155,7 +155,7 @@ pub fn mm256_set_epi16( input2: i16, input1: i16, input0: i16, -) -> __m256i { +) -> Vec256 { unsafe { _mm256_set_epi16( input15, input14, input13, input12, input11, input10, input9, input8, input7, input6, @@ -164,11 +164,11 @@ pub fn mm256_set_epi16( } } -pub fn mm_set1_epi16(constant: i16) -> __m128i { +pub fn mm_set1_epi16(constant: i16) -> Vec128 { unsafe { _mm_set1_epi16(constant) } } -pub fn mm256_set1_epi32(constant: i32) -> __m256i { +pub fn mm256_set1_epi32(constant: i32) -> Vec256 { unsafe { _mm256_set1_epi32(constant) } } pub fn mm256_set_epi32( @@ -180,7 +180,7 @@ pub fn mm256_set_epi32( input2: i32, input1: i32, input0: i32, -) -> __m256i { +) -> Vec256 { unsafe { _mm256_set_epi32( input7, input6, input5, input4, input3, input2, input1, input0, @@ -188,192 +188,189 @@ pub fn mm256_set_epi32( } } -pub fn mm_add_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { +pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unsafe { _mm_add_epi16(lhs, rhs) } } -pub fn mm256_add_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_add_epi16(lhs, rhs) } } -pub fn mm256_madd_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_madd_epi16(lhs, rhs) } } -pub fn mm256_add_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_add_epi32(lhs, rhs) } } -pub fn mm256_sub_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_sub_epi16(lhs, rhs) } } -pub fn mm_sub_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { +pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unsafe { _mm_sub_epi16(lhs, rhs) } } -pub fn mm256_mullo_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_mullo_epi16(lhs, rhs) } } -pub fn mm_mullo_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { +pub fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unsafe { _mm_mullo_epi16(lhs, rhs) } } -pub fn mm256_cmpgt_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_cmpgt_epi16(lhs, rhs) } } -pub fn mm_mulhi_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { +pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unsafe { _mm_mulhi_epi16(lhs, rhs) } } -pub fn mm256_mullo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_mullo_epi32(lhs, rhs) } } -pub fn mm256_mulhi_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_mulhi_epi16(lhs, rhs) } } -pub fn mm256_mul_epu32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_mul_epu32(lhs, rhs) } } -pub fn mm256_and_si256(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_and_si256(lhs, rhs) } } -pub fn mm256_xor_si256(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_xor_si256(lhs, rhs) } } -pub fn mm256_srai_epi16(vector: __m256i) -> __m256i { +pub fn mm256_srai_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unsafe { _mm256_srai_epi16(vector, SHIFT_BY) } } -pub fn mm256_srai_epi32(vector: __m256i) -> __m256i { +pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); unsafe { _mm256_srai_epi32(vector, SHIFT_BY) } } -pub fn mm256_srli_epi16(vector: __m256i) -> __m256i { +pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unsafe { _mm256_srli_epi16(vector, SHIFT_BY) } } -pub fn mm256_srli_epi32(vector: __m256i) -> __m256i { +pub fn mm256_srli_epi32(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); unsafe { _mm256_srli_epi32(vector, SHIFT_BY) } } -pub fn mm256_srli_epi64(vector: __m256i) -> __m256i { +pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); unsafe { _mm256_srli_epi64(vector, SHIFT_BY) } } -pub fn mm256_slli_epi16(vector: __m256i) -> __m256i { +pub fn mm256_slli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unsafe { _mm256_slli_epi16(vector, SHIFT_BY) } } -pub fn mm256_slli_epi32(vector: __m256i) -> __m256i { +pub fn mm256_slli_epi32(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); unsafe { _mm256_slli_epi32(vector, SHIFT_BY) } } -pub fn mm_shuffle_epi8(vector: __m128i, control: __m128i) -> __m128i { +pub fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { unsafe { _mm_shuffle_epi8(vector, control) } } -pub fn mm256_shuffle_epi8(vector: __m256i, control: __m256i) -> __m256i { +pub fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { unsafe { _mm256_shuffle_epi8(vector, control) } } -pub fn mm256_shuffle_epi32(vector: __m256i) -> __m256i { +pub fn mm256_shuffle_epi32(vector: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); unsafe { _mm256_shuffle_epi32(vector, CONTROL) } } -pub fn mm256_permute4x64_epi64(vector: __m256i) -> __m256i { +pub fn mm256_permute4x64_epi64(vector: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); unsafe { _mm256_permute4x64_epi64(vector, CONTROL) } } -pub fn mm256_unpackhi_epi64(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_unpackhi_epi64(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_unpackhi_epi64(lhs, rhs) } } -pub fn mm256_unpacklo_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_unpacklo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_unpacklo_epi32(lhs, rhs) } } -pub fn mm256_unpackhi_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_unpackhi_epi32(lhs, rhs) } } -pub fn mm256_castsi256_si128(vector: __m256i) -> __m128i { +pub fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { unsafe { _mm256_castsi256_si128(vector) } } -pub fn mm256_castsi128_si256(vector: __m128i) -> __m256i { +pub fn mm256_castsi128_si256(vector: Vec128) -> Vec256 { unsafe { _mm256_castsi128_si256(vector) } } -pub fn mm256_cvtepi16_epi32(vector: __m128i) -> __m256i { +pub fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { unsafe { _mm256_cvtepi16_epi32(vector) } } -pub fn mm_packs_epi16(lhs: __m128i, rhs: __m128i) -> __m128i { +pub fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unsafe { _mm_packs_epi16(lhs, rhs) } } -pub fn mm256_packs_epi32(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unsafe { _mm256_packs_epi32(lhs, rhs) } } -pub fn mm256_extracti128_si256(vector: __m256i) -> __m128i { +pub fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { debug_assert!(CONTROL == 0 || CONTROL == 1); unsafe { _mm256_extracti128_si256(vector, CONTROL) } } -pub fn mm256_inserti128_si256( - vector: __m256i, - vector_i128: __m128i, -) -> __m256i { +pub fn mm256_inserti128_si256(vector: Vec256, vector_i128: Vec128) -> Vec256 { debug_assert!(CONTROL == 0 || CONTROL == 1); unsafe { _mm256_inserti128_si256(vector, vector_i128, CONTROL) } } -pub fn mm256_blend_epi16(lhs: __m256i, rhs: __m256i) -> __m256i { +pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); unsafe { _mm256_blend_epi16(lhs, rhs, CONTROL) } } -pub fn mm_movemask_epi8(vector: __m128i) -> i32 { +pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unsafe { _mm_movemask_epi8(vector) } } -pub fn mm256_permutevar8x32_epi32(vector: __m256i, control: __m256i) -> __m256i { +pub fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { unsafe { _mm256_permutevar8x32_epi32(vector, control) } } -pub fn mm256_sllv_epi32(vector: __m256i, counts: __m256i) -> __m256i { +pub fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { unsafe { _mm256_sllv_epi32(vector, counts) } } #[inline(always)] -pub fn mm256_slli_epi64(x: __m256i) -> __m256i { +pub fn mm256_slli_epi64(x: Vec256) -> Vec256 { unsafe { _mm256_slli_epi64::(x) } } #[inline(always)] -pub fn mm256_andnot_si256(a: __m256i, b: __m256i) -> __m256i { +pub fn mm256_andnot_si256(a: Vec256, b: Vec256) -> Vec256 { unsafe { _mm256_andnot_si256(a, b) } } #[inline(always)] -pub fn mm256_set1_epi64x(a: i64) -> __m256i { +pub fn mm256_set1_epi64x(a: i64) -> Vec256 { unsafe { _mm256_set1_epi64x(a) } } #[inline(always)] -pub fn mm256_unpacklo_epi64(a: __m256i, b: __m256i) -> __m256i { +pub fn mm256_unpacklo_epi64(a: Vec256, b: Vec256) -> Vec256 { unsafe { _mm256_unpacklo_epi64(a, b) } } #[inline(always)] -pub fn mm256_permute2x128_si256(a: __m256i, b: __m256i) -> __m256i { +pub fn mm256_permute2x128_si256(a: Vec256, b: Vec256) -> Vec256 { unsafe { _mm256_permute2x128_si256::(a, b) } } diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs new file mode 100644 index 000000000..f1d42e188 --- /dev/null +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -0,0 +1,334 @@ +//! This file does not contain correct function signatures! +//! Replace with a hand-written file after extraction. + +#![allow(unused_variables, non_camel_case_types)] + +pub type Vec256 = u8; +pub type Vec128 = u8; + +pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { + debug_assert_eq!(output.len(), 16); + unimplemented!() +} + +pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: Vec256) { + debug_assert_eq!(output.len(), 32); + unimplemented!() +} +pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { + // debug_assert_eq!(output.len(), 8); + unimplemented!() +} + +pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { + debug_assert_eq!(output.len(), 16); + unimplemented!() +} + +pub fn mm_loadu_si128(input: &[u8]) -> Vec128 { + debug_assert_eq!(input.len(), 16); + unimplemented!() +} + +pub fn mm256_loadu_si256_u8(input: &[u8]) -> Vec256 { + debug_assert_eq!(input.len(), 32); + unimplemented!() +} + +pub fn mm256_loadu_si256_i16(input: &[i16]) -> Vec256 { + debug_assert_eq!(input.len(), 16); + unimplemented!() +} + +pub fn mm256_setzero_si256() -> Vec256 { + unimplemented!() +} + +pub fn mm_set_epi8( + byte15: u8, + byte14: u8, + byte13: u8, + byte12: u8, + byte11: u8, + byte10: u8, + byte9: u8, + byte8: u8, + byte7: u8, + byte6: u8, + byte5: u8, + byte4: u8, + byte3: u8, + byte2: u8, + byte1: u8, + byte0: u8, +) -> Vec128 { + unimplemented!() +} + +pub fn mm256_set_epi8( + byte31: i8, + byte30: i8, + byte29: i8, + byte28: i8, + byte27: i8, + byte26: i8, + byte25: i8, + byte24: i8, + byte23: i8, + byte22: i8, + byte21: i8, + byte20: i8, + byte19: i8, + byte18: i8, + byte17: i8, + byte16: i8, + byte15: i8, + byte14: i8, + byte13: i8, + byte12: i8, + byte11: i8, + byte10: i8, + byte9: i8, + byte8: i8, + byte7: i8, + byte6: i8, + byte5: i8, + byte4: i8, + byte3: i8, + byte2: i8, + byte1: i8, + byte0: i8, +) -> Vec256 { + unimplemented!() +} + +pub fn mm256_set1_epi16(constant: i16) -> Vec256 { + unimplemented!() +} +pub fn mm256_set_epi16( + input15: i16, + input14: i16, + input13: i16, + input12: i16, + input11: i16, + input10: i16, + input9: i16, + input8: i16, + input7: i16, + input6: i16, + input5: i16, + input4: i16, + input3: i16, + input2: i16, + input1: i16, + input0: i16, +) -> Vec256 { + unimplemented!() +} + +pub fn mm_set1_epi16(constant: i16) -> Vec128 { + unimplemented!() +} + +pub fn mm256_set1_epi32(constant: i32) -> Vec256 { + unimplemented!() +} +pub fn mm256_set_epi32( + input7: i32, + input6: i32, + input5: i32, + input4: i32, + input3: i32, + input2: i32, + input1: i32, + input0: i32, +) -> Vec256 { + unimplemented!() +} + +pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} +pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} +pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} + +pub fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_srai_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} +pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unimplemented!() +} + +pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} +pub fn mm256_srli_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unimplemented!() +} + +pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); + unimplemented!() +} + +pub fn mm256_slli_epi16(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); + unimplemented!() +} + +pub fn mm256_slli_epi32(vector: Vec256) -> Vec256 { + debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 32); + unimplemented!() +} + +pub fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { + unimplemented!() +} +pub fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { + unimplemented!() +} +pub fn mm256_shuffle_epi32(vector: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub fn mm256_permute4x64_epi64(vector: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub fn mm256_unpackhi_epi64(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_unpacklo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { + unimplemented!() +} +pub fn mm256_castsi128_si256(vector: Vec128) -> Vec256 { + unimplemented!() +} + +pub fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { + unimplemented!() +} + +pub fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { + unimplemented!() +} +pub fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { + debug_assert!(CONTROL == 0 || CONTROL == 1); + unimplemented!() +} + +pub fn mm256_inserti128_si256(vector: Vec256, vector_i128: Vec128) -> Vec256 { + debug_assert!(CONTROL == 0 || CONTROL == 1); + unimplemented!() +} + +pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { + debug_assert!(CONTROL >= 0 && CONTROL < 256); + unimplemented!() +} + +pub fn mm_movemask_epi8(vector: Vec128) -> i32 { + unimplemented!() +} + +pub fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { + unimplemented!() +} + +pub fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_slli_epi64(x: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_andnot_si256(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_set1_epi64x(a: i64) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_unpacklo_epi64(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} + +#[inline(always)] +pub fn mm256_permute2x128_si256(a: Vec256, b: Vec256) -> Vec256 { + unimplemented!() +} diff --git a/libcrux-intrinsics/src/lib.rs b/libcrux-intrinsics/src/lib.rs index 984c70fa3..f87d4fa6c 100644 --- a/libcrux-intrinsics/src/lib.rs +++ b/libcrux-intrinsics/src/lib.rs @@ -1,4 +1,16 @@ +// #[cfg(all(feature = "simd128", not(eurydice), not(hax)))] #[cfg(feature = "simd128")] pub mod arm64; +// #[cfg(all(feature = "simd256", not(eurydice), not(hax)))] #[cfg(feature = "simd256")] pub mod avx2; + +// // When extracting C or F* we only want dummy files here. +// #[cfg(all(feature = "simd128", any(eurydice, hax)))] +// pub mod arm64_extract; +// #[cfg(all(feature = "simd128", any(eurydice, hax)))] +// pub use arm64_extrat as arm64; +// #[cfg(all(feature = "simd256", any(eurydice, hax)))] +// pub mod avx2_extract; +// #[cfg(all(feature = "simd256", any(eurydice, hax)))] +// pub use avx2_extract as avx2; diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index ef65b149d..6d941994e 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -22,7 +22,6 @@ add_compile_options( $<$:-Og> $<$:-g> $<$:-O3> - -flto ) add_link_options(-flto) set(CMAKE_COLOR_DIAGNOSTICS "ON") @@ -60,29 +59,36 @@ file(GLOB SOURCES_vec256 if(${CMAKE_SYSTEM_NAME} MATCHES Linux) add_compile_options( -fPIC + -flto ) endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) add_library(ml_kem SHARED ${SOURCES}) add_library(ml_kem_static STATIC ${SOURCES}) -# if(LIBCRUX_VEC256) -add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) -target_sources(ml_kem_static PRIVATE $) -target_sources(ml_kem PRIVATE $) -target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 -) -# endif() +# This is only for local testing and we assume avx2 on x64. +if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64") + message(STATUS "Detected an x64 architecture") + add_compile_definitions(LIBCRUX_X64) + + add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) + target_sources(ml_kem_static PRIVATE $) + target_sources(ml_kem PRIVATE $) + target_compile_options(ml_kem_vec256 PRIVATE + -mavx + -mavx2 + ) +endif() -# if(LIBCRUX_VEC128) -# add_library(ml_kem_vec128 OBJECT ${SOURCES_vec128}) -# target_sources(ml_kem_static PRIVATE $) -# target_sources(ml_kem PRIVATE $) -# target_compile_options(ml_kem_vec128 PRIVATE -# ) -# endif() +# This is only for local testing and we assume neon on arm64. +if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8") + message(STATUS "Detected an arm64 architecture") + add_compile_definitions(LIBCRUX_AARCH64) + + add_library(ml_kem_vec128 OBJECT ${SOURCES_vec128}) + target_sources(ml_kem_static PRIVATE $) + target_sources(ml_kem PRIVATE $) +endif() # --- Tests @@ -140,10 +146,7 @@ target_link_libraries(ml_kem_bench PRIVATE benchmark::benchmark ) target_compile_definitions(ml_kem_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_bench PRIVATE - -mavx - -mavx2 -) +target_compile_options(ml_kem_bench PRIVATE) add_executable(ml_kem_keygen ${PROJECT_SOURCE_DIR}/benches/mlkem768_keygen.cc @@ -153,10 +156,7 @@ target_link_libraries(ml_kem_keygen PRIVATE benchmark::benchmark ) target_compile_definitions(ml_kem_keygen PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_keygen PRIVATE - -mavx - -mavx2 -) +target_compile_options(ml_kem_keygen PRIVATE) add_executable(ml_kem_encaps ${PROJECT_SOURCE_DIR}/benches/mlkem768_encaps.cc @@ -166,10 +166,7 @@ target_link_libraries(ml_kem_encaps PRIVATE benchmark::benchmark ) target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(ml_kem_encaps PRIVATE - -mavx - -mavx2 -) +target_compile_options(ml_kem_encaps PRIVATE) add_executable(sha3_bench ${PROJECT_SOURCE_DIR}/benches/sha3.cc @@ -179,7 +176,4 @@ target_link_libraries(sha3_bench PRIVATE benchmark::benchmark ) target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_bench PRIVATE - -mavx - -mavx2 -) +target_compile_options(sha3_bench PRIVATE) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index 680f648e7..217ead8bf 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -10,6 +10,7 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" +#include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" void generate_random(uint8_t *output, uint32_t output_len) @@ -23,11 +24,11 @@ kyber768_key_generation(benchmark::State &state) { uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); for (auto _ : state) { - key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); } } @@ -37,13 +38,13 @@ kyber768_encapsulation(benchmark::State &state) uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); for (auto _ : state) { - ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); } } @@ -53,15 +54,15 @@ kyber768_decapsulation(benchmark::State &state) uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; for (auto _ : state) { - libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); } } diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc index 53ae6af1d..4831e07eb 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc @@ -10,6 +10,7 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" +#include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" void generate_random(uint8_t *output, uint32_t output_len) @@ -23,13 +24,13 @@ int main(int argc, char const *argv[]) uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); for (size_t i = 0; i < 100000; i++) { - ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); } return 0; diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc index 37eb855d2..fd3432f93 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc @@ -10,6 +10,7 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" +#include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" void generate_random(uint8_t *output, uint32_t output_len) @@ -22,11 +23,11 @@ int main(int argc, char const *argv[]) { uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); for (size_t i = 0; i < 100000; i++) { - key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); } return 0; } diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 5ca28c79c..39db7b956 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4332f30ed..10a2cb5a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -18,22 +18,6 @@ extern "C" { #include "internal/libcrux_mlkem_portable.h" #include "internal/libcrux_sha3_avx2.h" -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); @@ -50,6 +34,22 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 4fa834a92..5773bba52 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 405e13161..11ada5b26 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 32b53c527..c897dae9f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 6f32affcf..95547276e 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 6d6e8dcac..52b97c825 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.c b/libcrux-ml-kem/c/libcrux_mlkem1024.c deleted file mode 100644 index 75a91f769..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem1024.h" - -#include "internal/libcrux_core.h" - -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_mlkem1024_MlKem1024KeyPair uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 622d719a3..40b2e232a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H @@ -14,9 +14,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM1024_VECTOR_U_COMPRESSION_FACTOR_1024 ((size_t)11U) @@ -83,38 +80,6 @@ typedef libcrux_ml_kem_types_MlKemPublicKey____1568size_t LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem1024_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 78a35d9d3..9dbf4e203 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 22172d3c4..d3da0c00c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f977e74be..b63311db9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 5f38c1f52..2479e6391 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.c b/libcrux-ml-kem/c/libcrux_mlkem512.c deleted file mode 100644 index 89cd6e786..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem512.h" - -#include "internal/libcrux_core.h" - -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e3a0d8f74..5256458eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_H @@ -14,9 +14,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) @@ -87,40 +84,6 @@ typedef libcrux_ml_kem_types_MlKemPublicKey____800size_t LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem512_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index ffdf90bad..14cd4287a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem512_avx2.h" @@ -91,73 +91,73 @@ libcrux_ml_kem_mlkem512_avx2_validate_public_key( return uu____0; } -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( public_key); } -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____0); } -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( public_key); } -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uu____0); } -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 034e05ffa..34801018a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_avx2_H @@ -49,22 +49,6 @@ core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); @@ -81,6 +65,22 @@ void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 437161657..8a1a92703 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index ec949dc4d..9ad10a424 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.c b/libcrux-ml-kem/c/libcrux_mlkem768.c deleted file mode 100644 index fbcc3e1be..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem768.h" - -#include "internal/libcrux_core.h" - -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t uu____0[32U]; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - } else { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, uu____0); - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); - return; - } - memcpy(ret, uu____0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ - uu____0; - if (libcrux_platform_platform_simd256_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____1 = public_key; - uint8_t uu____2[32U]; - memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____1, uu____2); - } else if (libcrux_platform_platform_simd128_support()) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____3 = public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____3, uu____4); - } else { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____5 = public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, randomness, (size_t)32U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6); - return uu____0; - } - return uu____0; -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - libcrux_ml_kem_mlkem768_MlKem768KeyPair uu____0; - if (libcrux_platform_platform_simd256_support()) { - uint8_t uu____1[64U]; - memcpy(uu____1, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____1); - } else if (libcrux_platform_platform_simd128_support()) { - uint8_t uu____2[64U]; - memcpy(uu____2, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____2); - } else { - uint8_t uu____3[64U]; - memcpy(uu____3, randomness, (size_t)64U * sizeof(uint8_t)); - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____3); - } - return uu____0; -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - bool uu____0; - if (libcrux_platform_platform_simd256_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } else if (libcrux_platform_platform_simd128_support()) { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } else { - uu____0 = - libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( - public_key); - } - return uu____0; -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 566ce5499..c69fb58ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_H @@ -14,9 +14,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" -#include "libcrux_mlkem512_portable.h" -#include "libcrux_platform.h" #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) @@ -81,38 +78,6 @@ typedef libcrux_ml_kem_types_MlKemPublicKey____1184size_t LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -void libcrux_ml_kem_ind_cca_multiplexing_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem768_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_multiplexing_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_multiplexing_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_multiplexing_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ba858e6f0..4497d2302 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 2354c986e..373792504 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 76de52009..06ce4a50d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2e8dd612b..d7b8a5c6f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 1f4239112..23df04b2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1561,7 +1561,7 @@ ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -1592,14 +1592,14 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -1621,7 +1621,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 } memcpy( ret, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -1677,17 +1677,17 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, key, + (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -1697,7 +1697,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, + (size_t)1152U, out, ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * @@ -1711,68 +1711,68 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, + (size_t)1184U, public_key_serialized, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), + .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; + uu____1[3U]; memcpy( uu____1, t_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, Eurydice_slice), seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; + uu____0[3U]; memcpy( uu____0, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), @@ -1781,22 +1781,22 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy( ret, ret0, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -1804,7 +1804,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t @@ -1817,67 +1817,59 @@ shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } -static inline void shake128_squeeze_three_blocks___4size_t( +static inline void shake128_squeeze_three_blocks___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; + uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], Eurydice_slice), (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], + out12, (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -1903,8 +1895,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -1913,63 +1905,55 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -static inline void shake128_squeeze_block___4size_t( +static inline void shake128_squeeze_block___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], Eurydice_slice), (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], + out12, (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + Eurydice_slice out2 = uu____1.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -1995,8 +1979,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -2026,7 +2010,7 @@ from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -2037,84 +2021,84 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( uu____2, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( uu____3[i]);); memcpy( ret, ret0, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U]) { + ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( uu____1, sampled); for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, sampled, + (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2131,79 +2115,71 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu }); memcpy( ret, A_transpose, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U])); + [3U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; + fst[3U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], Eurydice_slice), (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; + Eurydice_slice out12 = uu____0.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], + out12, (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( + Eurydice_slice uu____7 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( + Eurydice_slice uu____8 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); + uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2471,27 +2447,27 @@ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -2501,17 +2477,17 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; + uu____2[3U]; memcpy( uu____2, re_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; @@ -2519,7 +2495,7 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -2554,7 +2530,7 @@ ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2602,31 +2578,31 @@ add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[4U], + *matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, matrix_A, + (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], size_t); i0++) { size_t i1 = i0; @@ -2637,7 +2613,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, row, + (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2649,7 +2625,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1], &product); } add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -2657,16 +2633,16 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } memcpy( ret, result, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); + G___3size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), @@ -2675,75 +2651,75 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; + secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; + error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____3, domain_separator) .fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; + uu____4[3U]; memcpy( uu____4, t_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[3U]; memcpy( uu____5, secret_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -2752,17 +2728,17 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { } static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____0, + (size_t)2400U, uu____0, ((core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + @@ -2775,7 +2751,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t size_t uu____5 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____3, + (size_t)2400U, uu____3, ((core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + @@ -2784,13 +2760,13 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, + (size_t)2400U, out, ((core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - H___4size_t(public_key, ret0); + H___3size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -2801,18 +2777,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t size_t uu____9 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)3168U, uu____7, + (size_t)2400U, uu____7, ((core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -2824,49 +2800,49 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -2888,38 +2864,38 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536 } memcpy( ret, deserialized_pk, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -2927,24 +2903,24 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; + uu____2[3U]; memcpy( uu____2, error_1, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___4size_t_128size_t(Eurydice_slice input, +static inline void PRF___3size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -2954,7 +2930,7 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -3060,7 +3036,7 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = @@ -3099,31 +3075,31 @@ static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[4U], + *a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, + (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], + [3U], size_t); i0++) { size_t i1 = i0; @@ -3134,7 +3110,7 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, row, + (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3146,17 +3122,17 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result[i1]); add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -3222,7 +3198,7 @@ add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3233,14 +3209,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( *message) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( error_2, message, result); @@ -3310,11 +3286,11 @@ static core_core_arch_x86___m256i compress___10int32_t( } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3325,7 +3301,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, + (size_t)320U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3334,7 +3310,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline core_core_arch_x86___m256i @@ -3400,11 +3376,11 @@ static core_core_arch_x86___m256i compress___11int32_t( } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3415,7 +3391,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, + (size_t)320U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3424,31 +3400,31 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], + input[3U], Eurydice_slice out) { for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)4U, input, + (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3460,15 +3436,15 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408 Eurydice_slice uu____0 = Eurydice_slice_subslice( out, ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } @@ -3650,64 +3626,64 @@ compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { + uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; + A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; + r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; + error_1[3U]; memcpy( error_1, uu____3.fst, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___4size_t_128size_t( + PRF___3size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3716,8 +3692,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); @@ -3726,34 +3702,34 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; + uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[3U]; memcpy( uu____5, u, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, + (size_t)1088U, ciphertext, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), + .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -3763,10 +3739,10 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H___4size_t( + H___3size_t( Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( public_key), uint8_t, Eurydice_slice), ret); @@ -3775,7 +3751,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G___4size_t( + G___3size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = @@ -3786,35 +3762,35 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -3992,18 +3968,18 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = (size_t)0U; @@ -4022,46 +3998,46 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, Eurydice_slice), uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); + (size_t)10U / (size_t)8U); i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, + (size_t)1088U, ciphertext, ((core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), + (size_t)10U / (size_t)8U), .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + + (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), + (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -4237,18 +4213,18 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } @@ -4276,14 +4252,14 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vect } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { + ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -4305,7 +4281,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } memcpy( ret, secret_as_ntt, - (size_t)4U * + (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } @@ -4332,7 +4308,7 @@ subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4341,14 +4317,14 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; @@ -4384,24 +4360,24 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -4409,7 +4385,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___4size_t_32size_t(Eurydice_slice input, +static inline void PRF___3size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -4418,21 +4394,20 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), - (size_t)1536U, uint8_t, + (size_t)1152U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, + secret_key0, (size_t)1184U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; @@ -4443,7 +4418,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -4455,7 +4430,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___4size_t( + G___3size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = @@ -4465,33 +4440,33 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext); uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; @@ -4504,19 +4479,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -4538,23 +4513,23 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184 } memcpy( ret, deserialized_pk, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, key, + (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4564,7 +4539,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, + (size_t)1536U, out, ((core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * @@ -4578,68 +4553,68 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, + (size_t)1568U, public_key_serialized, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), + .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; + uu____1[4U]; memcpy( uu____1, t_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, Eurydice_slice), seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; + uu____0[4U]; memcpy( uu____0, deserialized_pk, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), @@ -4648,28 +4623,28 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); memcpy( ret, ret0, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t @@ -4682,59 +4657,67 @@ shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } -static inline void shake128_squeeze_three_blocks___3size_t( +static inline void shake128_squeeze_three_blocks___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; + uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], Eurydice_slice), (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; + Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], + out123, (size_t)1U, uint8_t[504U], K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____6 = Eurydice_array_to_slice( (size_t)504U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], uint8_t[504U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -4760,8 +4743,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -4770,55 +4753,63 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ return done; } -static inline void shake128_squeeze_block___3size_t( +static inline void shake128_squeeze_block___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], Eurydice_slice), (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; + Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], + out123, (size_t)1U, uint8_t[168U], K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( + Eurydice_slice uu____5 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( + Eurydice_slice uu____6 = Eurydice_array_to_slice( (size_t)168U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], uint8_t[168U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], + uint8_t(*)[168U], uint8_t[168U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < @@ -4844,8 +4835,8 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } }); bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = @@ -4855,7 +4846,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -4866,84 +4857,84 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ } static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( uu____2, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( uu____3[i]);); memcpy( ret, ret0, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U]) { + ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( uu____1, sampled); for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, sampled, + (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4960,94 +4951,102 @@ sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu }); memcpy( ret, A_transpose, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U])); + [4U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; + fst[4U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], Eurydice_slice), (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; + Eurydice_slice out123 = uu____0.snd; K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], + out123, (size_t)1U, uint8_t[128U], K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( + Eurydice_slice uu____8 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( + Eurydice_slice uu____9 = Eurydice_array_to_slice( (size_t)128U, Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], uint8_t[128U]), uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); + uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -5057,17 +5056,17 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( &re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; + uu____2[4U]; memcpy( uu____2, re_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; @@ -5075,12 +5074,12 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_ } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *self, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5101,31 +5100,31 @@ add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[3U], + *matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, matrix_A, + (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [4U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [4U], size_t); i0++) { size_t i1 = i0; @@ -5136,7 +5135,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, row, + (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5148,7 +5147,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1], &product); } add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -5156,16 +5155,16 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } memcpy( ret, result, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); + G___4size_t(key_generation_seed, hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), @@ -5174,75 +5173,75 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; + secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; + error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____3, domain_separator) .fst, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; + uu____4[4U]; memcpy( uu____4, t_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[4U]; memcpy( uu____5, secret_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; } -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5251,17 +5250,17 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { } static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; size_t pointer = (size_t)0U; uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____0, + (size_t)3168U, uu____0, ((core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + @@ -5274,7 +5273,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t size_t uu____5 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____3, + (size_t)3168U, uu____3, ((core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + @@ -5283,13 +5282,13 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t public_key, uint8_t, void *); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, + (size_t)3168U, out, ((core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[32U]; - H___3size_t(public_key, ret0); + H___4size_t(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5300,18 +5299,18 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t size_t uu____9 = pointer; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( - (size_t)2400U, uu____7, + (size_t)3168U, uu____7, ((core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -5323,49 +5322,49 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uu____4)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -5387,38 +5386,38 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152 } memcpy( ret, deserialized_pk, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1 = sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( @@ -5426,24 +5425,24 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; + uu____2[4U]; memcpy( uu____2, error_1, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); lit.snd = domain_separator; return lit; } -static inline void PRF___3size_t_128size_t(Eurydice_slice input, +static inline void PRF___4size_t_128size_t(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -5453,12 +5452,12 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = @@ -5478,31 +5477,31 @@ invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[3U], + *a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, + (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [4U], Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], + [4U], size_t); i0++) { size_t i1 = i0; @@ -5513,7 +5512,7 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, row, + (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5525,23 +5524,23 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result[i1]); add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5552,14 +5551,14 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( *message) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result); result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( error_2, message, result); @@ -5567,11 +5566,11 @@ compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -5582,7 +5581,7 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, + (size_t)352U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5591,15 +5590,15 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -5610,7 +5609,7 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, + (size_t)352U, serialized, ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5619,31 +5618,31 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], + input[4U], Eurydice_slice out) { for ( size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( - (size_t)3U, input, + (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, Eurydice_slice), libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5655,78 +5654,78 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960s Eurydice_slice uu____0 = Eurydice_slice_subslice( out, ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector re, Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { + uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; + A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; + r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; + error_1[4U]; memcpy( error_1, uu____3.fst, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF___3size_t_128size_t( + PRF___4size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5735,8 +5734,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); @@ -5745,34 +5744,34 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; + uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[4U]; memcpy( uu____5, u, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, + (size_t)1568U, ciphertext, ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), + .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -5782,10 +5781,10 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H___3size_t( + H___4size_t( Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( public_key), uint8_t, Eurydice_slice), ret); @@ -5794,7 +5793,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G___3size_t( + G___4size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = @@ -5805,52 +5804,52 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; lit.fst = uu____5; memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *re) { size_t zeta_i = (size_t)0U; @@ -5869,75 +5868,75 @@ ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, Eurydice_slice), uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); + (size_t)11U / (size_t)8U); i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, + (size_t)1568U, ciphertext, ((core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), + (size_t)11U / (size_t)8U), .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + + (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), + (size_t)11U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( serialized); return uu____0; } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -5959,13 +5958,13 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( } memcpy( ret, secret_as_ntt, - (size_t)3U * + (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5974,38 +5973,38 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &result); result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( @@ -6013,7 +6012,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___3size_t_32size_t(Eurydice_slice input, +static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -6022,20 +6021,21 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), - (size_t)1152U, uint8_t, + (size_t)1536U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, + secret_key0, (size_t)1568U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; @@ -6046,7 +6046,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( @@ -6058,7 +6058,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G___3size_t( + G___4size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = @@ -6068,33 +6068,33 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext); uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e4349f2b1..5ae63072a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index c995aa8b6..813f4fac4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 02b989972..078c0cbd3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index ef41683e2..988a2e7f2 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 36ca19e89..87bfd1a1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 5df798795..49e0302b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 28d49028b..2f9e86a7b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 86ffaa430..e796057eb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b9aa5c77b..3d3d86bf4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0861469fa..0a665654b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index d6227f283..b03897d91 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -12,8 +12,12 @@ #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" +#include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" -// #include "util.h" + +#ifdef LIBCRUX_X64 +#include "libcrux_mlkem768_avx2.h" +#endif using namespace std; @@ -156,27 +160,46 @@ read_kats(string path) // return sharedSecret; // } -TEST(MlKem768Test, ConsistencyTest) +#ifdef LIBCRUX_X64 +TEST(MlKem768TestAvx2, ConsistencyTest) +{ + uint8_t randomness[64]; + for (int i = 0; i < 64; i++) + randomness[i] = 13; + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} +#endif + +TEST(MlKem768TestPortable, ConsistencyTest) { uint8_t randomness[64]; for (int i = 0; i < 64; i++) randomness[i] = 13; // generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); // printf("pk: "); // print_hex_ln(1184, key_pair.pk.value); // printf("sk: "); // print_hex_ln(2400, key_pair.sk.value); // generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); // printf("ctxt: "); // print_hex_ln(1088U, ctxt.fst.value); // printf("secret: "); // print_hex_ln(32, ctxt.snd); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); // printf("secret2: "); // print_hex_ln(32, sharedSecret2); @@ -262,38 +285,52 @@ TEST(MlKem768Test, NISTKnownAnswerTest) for (auto kat : kats) { - auto key_pair = - libcrux_ml_kem_mlkem768_generate_key_pair(kat.key_generation_seed.data()); + // auto key_pair = + // libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); + +#ifdef LIBCRUX_X64 + auto key_pair_avx2 = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); +#endif + uint8_t pk_hash[32]; + // libcrux_sha3_sha256( + // EURYDICE_SLICE(key_pair.pk.value, 0, + // LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), + // pk_hash); + // EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); + +#ifdef LIBCRUX_X64 libcrux_sha3_sha256( - EURYDICE_SLICE(key_pair.pk.value, 0, + EURYDICE_SLICE(key_pair_avx2.pk.value, 0, LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), pk_hash); EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); - uint8_t sk_hash[32]; - libcrux_sha3_sha256( - EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); - EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - - auto ctxt = libcrux_ml_kem_mlkem768_encapsulate( - &key_pair.pk, kat.encapsulation_seed.data()); - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - EURYDICE_SLICE(ctxt.fst.value, 0, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +#endif + + // uint8_t sk_hash[32]; + // libcrux_sha3_sha256( + // EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); + // EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); + + // auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( + // &key_pair.pk, kat.encapsulation_seed.data()); + // uint8_t ct_hash[32]; + // libcrux_sha3_sha256( + // EURYDICE_SLICE(ctxt.fst.value, 0, + // LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), + // ct_hash); + // EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); + // EXPECT_EQ(0, + // memcmp(ctxt.snd, + // kat.shared_secret.data(), + // LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + // uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + // libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + // EXPECT_EQ(0, + // memcmp(ctxt.snd, + // sharedSecret2, + // LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } diff --git a/libcrux-ml-kem/c/tests/sha3.cc b/libcrux-ml-kem/c/tests/sha3.cc index 7184a6754..2801612a0 100644 --- a/libcrux-ml-kem/c/tests/sha3.cc +++ b/libcrux-ml-kem/c/tests/sha3.cc @@ -57,28 +57,3 @@ TEST(Sha3Test, ConsistencyTest) 32), 0); } - -#define KYBER768_SECRETKEYBYTES 2400 -#define KYBER768_PUBLICKEYBYTES 1184 -#define KYBER768_CIPHERTEXTBYTES 1088 -#define KYBER768_SHAREDSECRETBYTES 32 - -TEST(Kyber768Test, ConsistencyTest) -{ - uint8_t randomness[64] = { 0 }; - uint8_t publicKey[KYBER768_PUBLICKEYBYTES]; - uint8_t secretKey[KYBER768_SECRETKEYBYTES]; - - libcrux_ml_kem_types_MlKemKeyPair____2400size_t__1184size_t kp = - libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - - uint8_t ciphertext[KYBER768_CIPHERTEXTBYTES]; - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ cipher_and_shared_secret = - libcrux_ml_kem_mlkem768_encapsulate(&kp.pk, randomness); - - uint8_t sharedSecret2[KYBER768_SHAREDSECRETBYTES]; - libcrux_ml_kem_mlkem768_decapsulate(&kp.sk, &cipher_and_shared_secret.fst, sharedSecret2); - - EXPECT_EQ(0, memcmp(cipher_and_shared_secret.snd, sharedSecret2, KYBER768_SHAREDSECRETBYTES)); -} - diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 54542df86..4a49471c3 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -1,5 +1,30 @@ use super::*; +// For the case where we didn't compile with the simd128/simd256 features but +// have a CPU that has it and thus tries to call the simd128/simd256 version, +// we fall back to the portable version in this case. + +#[cfg(feature = "simd256")] +use instantiations::avx2::{ + decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, + generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, +}; +#[cfg(feature = "simd128")] +use instantiations::neon::{ + decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, + generate_keypair as generate_keypair_neon, validate_public_key as validate_public_key_neon, +}; +#[cfg(not(feature = "simd256"))] +use instantiations::portable::{ + decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, + generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, +}; +#[cfg(not(feature = "simd128"))] +use instantiations::portable::{ + decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, + generate_keypair as generate_keypair_neon, validate_public_key as validate_public_key_neon, +}; + pub(crate) fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -8,31 +33,9 @@ pub(crate) fn validate_public_key< public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { if libcrux_platform::simd256_support() { - #[cfg(feature = "simd256")] - return instantiations::avx2::validate_public_key::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key); - #[cfg(not(feature = "simd256"))] - instantiations::portable::validate_public_key::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key) + validate_public_key_avx2::(public_key) } else if libcrux_platform::simd128_support() { - #[cfg(feature = "simd128")] - return instantiations::neon::validate_public_key::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key); - #[cfg(not(feature = "simd128"))] - instantiations::portable::validate_public_key::< - K, - RANKED_BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - >(public_key) + validate_public_key_neon::(public_key) } else { instantiations::portable::validate_public_key::< K, @@ -55,18 +58,7 @@ pub(crate) fn generate_keypair< ) -> MlKemKeyPair { // Runtime feature detection. if libcrux_platform::simd256_support() { - #[cfg(feature = "simd256")] - return instantiations::avx2::generate_keypair::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness); - #[cfg(not(feature = "simd256"))] - instantiations::portable::generate_keypair::< + generate_keypair_avx2::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -76,18 +68,7 @@ pub(crate) fn generate_keypair< ETA1_RANDOMNESS_SIZE, >(randomness) } else if libcrux_platform::simd128_support() { - #[cfg(feature = "simd128")] - return instantiations::neon::generate_keypair::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness); - #[cfg(not(feature = "simd128"))] - instantiations::portable::generate_keypair::< + generate_keypair_neon::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -128,24 +109,7 @@ pub(crate) fn encapsulate< randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { if libcrux_platform::simd256_support() { - #[cfg(feature = "simd256")] - return instantiations::avx2::encapsulate::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness); - #[cfg(not(feature = "simd256"))] - instantiations::portable::encapsulate::< + encapsulate_avx2::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -161,24 +125,7 @@ pub(crate) fn encapsulate< ETA2_RANDOMNESS_SIZE, >(public_key, randomness) } else if libcrux_platform::simd128_support() { - #[cfg(not(feature = "simd128"))] - return instantiations::portable::encapsulate::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness); - #[cfg(all(feature = "simd128", target_arch = "aarch64"))] - instantiations::neon::encapsulate::< + encapsulate_neon::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -234,8 +181,7 @@ pub(crate) fn decapsulate< ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { if libcrux_platform::simd256_support() { - #[cfg(feature = "simd256")] - return instantiations::avx2::decapsulate::< + decapsulate_avx2::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -252,29 +198,9 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - #[cfg(not(feature = "simd256"))] - return instantiations::portable::decapsulate::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); + >(private_key, ciphertext) } else if libcrux_platform::simd128_support() { - #[cfg(feature = "simd128")] - return instantiations::neon::decapsulate::< + decapsulate_neon::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, @@ -291,26 +217,7 @@ pub(crate) fn decapsulate< ETA2, ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); - #[cfg(not(feature = "simd128"))] - return instantiations::portable::decapsulate::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext); + >(private_key, ciphertext) } else { instantiations::portable::decapsulate::< K, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 5a3a8b520..79fb38507 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -55,7 +55,9 @@ macro_rules! instantiate { /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. - pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option { + pub fn validate_public_key( + public_key: MlKem1024PublicKey, + ) -> Option { if p::validate_public_key::< RANK_1024, RANKED_BYTES_PER_RING_ELEMENT_1024, @@ -151,6 +153,7 @@ instantiate! {neon, ind_cca::instantiations::neon} /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. +#[cfg(not(eurydice))] pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option { if multiplexing::validate_public_key::< RANK_1024, @@ -170,6 +173,7 @@ pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option MlKemKeyPair { @@ -189,6 +193,7 @@ pub fn generate_key_pair( /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. +#[cfg(not(eurydice))] pub fn encapsulate( public_key: &MlKem1024PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -214,6 +219,7 @@ pub fn encapsulate( /// /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +#[cfg(not(eurydice))] pub fn decapsulate( private_key: &MlKem1024PrivateKey, ciphertext: &MlKem1024Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 3ec606dd7..caf50dda5 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -149,6 +149,7 @@ instantiate! {neon, ind_cca::instantiations::neon} /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. +#[cfg(not(eurydice))] pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option { if multiplexing::validate_public_key::< RANK_512, @@ -168,6 +169,7 @@ pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option MlKem512KeyPair { multiplexing::generate_keypair::< RANK_512, @@ -185,6 +187,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. +#[cfg(not(eurydice))] pub fn encapsulate( public_key: &MlKem512PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -210,6 +213,7 @@ pub fn encapsulate( /// /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +#[cfg(not(eurydice))] pub fn decapsulate( private_key: &MlKem512PrivateKey, ciphertext: &MlKem512Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 9fa1b03f3..3bd9333f4 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -150,6 +150,7 @@ instantiate! {neon, ind_cca::instantiations::neon} /// Validate a public key. /// /// Returns `Some(public_key)` if valid, and `None` otherwise. +#[cfg(not(eurydice))] pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option { if multiplexing::validate_public_key::< RANK_768, @@ -176,6 +177,7 @@ pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option MlKem768KeyPair { multiplexing::generate_keypair::< RANK_768, @@ -193,6 +195,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. +#[cfg(not(eurydice))] pub fn encapsulate( public_key: &MlKem768PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -218,6 +221,7 @@ pub fn encapsulate( /// /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +#[cfg(not(eurydice))] pub fn decapsulate( private_key: &MlKem768PrivateKey, ciphertext: &MlKem768Ciphertext, diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index bc7cc7c0e..7f2ca8acb 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -211,7 +211,6 @@ pub(crate) mod portable { pub(crate) struct PortableVector { pub(crate) elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], } - } use portable::*; @@ -296,8 +295,6 @@ pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { v } -use portable::*; - /// Signed Barrett Reduction /// /// Given an input `value`, `barrett_reduce` outputs a representative `result` diff --git a/libcrux-sha3/src/lib.rs b/libcrux-sha3/src/lib.rs index 42a95a52d..5ec1e2605 100644 --- a/libcrux-sha3/src/lib.rs +++ b/libcrux-sha3/src/lib.rs @@ -662,6 +662,8 @@ pub mod avx2 { pub mod x4 { #[cfg(feature = "simd256")] use crate::generic_keccak::keccak; + #[cfg(feature = "simd256")] + use libcrux_intrinsics::avx2::*; /// Perform 4 SHAKE256 operations in parallel #[allow(unused_variables)] // TODO: decide if we want to fall back here @@ -692,7 +694,7 @@ pub mod avx2 { // keccakx1::<136, 0x1fu8>([input3], [out3]); // } #[cfg(feature = "simd256")] - keccak::<4, core::arch::x86_64::__m256i, 136, 0x1fu8>( + keccak::<4, Vec256, 136, 0x1fu8>( [input0, input1, input2, input3], [out0, out1, out2, out3], ); @@ -764,10 +766,12 @@ pub mod avx2 { use crate::generic_keccak::{ absorb_final, squeeze_first_three_blocks, squeeze_next_block, KeccakState, }; + #[cfg(feature = "simd256")] + use libcrux_intrinsics::avx2::*; #[cfg(feature = "simd256")] pub struct KeccakState4 { - state: KeccakState<4, core::arch::x86_64::__m256i>, + state: KeccakState<4, Vec256>, } #[allow(dead_code)] #[cfg(all(feature = "simd128", not(feature = "simd256")))] @@ -838,10 +842,7 @@ pub mod avx2 { // shake128_absorb_final(&mut s3, data3); // } #[cfg(feature = "simd256")] - absorb_final::<4, core::arch::x86_64::__m256i, 168, 0x1fu8>( - &mut s.state, - [data0, data1, data2, data3], - ); + absorb_final::<4, Vec256, 168, 0x1fu8>(&mut s.state, [data0, data1, data2, data3]); } /// Initialise the state and perform up to 4 absorbs at the same time, @@ -910,7 +911,7 @@ pub mod avx2 { // shake128_squeeze_first_three_blocks(&mut s3, out3); // } #[cfg(feature = "simd256")] - squeeze_first_three_blocks::<4, core::arch::x86_64::__m256i, 168>( + squeeze_first_three_blocks::<4, Vec256, 168>( &mut s.state, [out0, out1, out2, out3], ); @@ -1004,10 +1005,7 @@ pub mod avx2 { // shake128_squeeze_next_block(&mut s3, out3); // } #[cfg(feature = "simd256")] - squeeze_next_block::<4, core::arch::x86_64::__m256i, 168>( - &mut s.state, - [out0, out1, out2, out3], - ); + squeeze_next_block::<4, Vec256, 168>(&mut s.state, [out0, out1, out2, out3]); } /// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState4`]. diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index a22d2ac2d..04005c483 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -1,17 +1,15 @@ -use core::arch::x86_64::*; - use crate::traits::*; use libcrux_intrinsics::avx2::*; #[inline(always)] -fn rotate_left(x: __m256i) -> __m256i { +fn rotate_left(x: Vec256) -> Vec256 { debug_assert!(LEFT + RIGHT == 64); // XXX: This could be done more efficiently, if the shift values are multiples of 8. mm256_xor_si256(mm256_slli_epi64::(x), mm256_srli_epi64::(x)) } #[inline(always)] -fn _veor5q_u64(a: __m256i, b: __m256i, c: __m256i, d: __m256i, e: __m256i) -> __m256i { +fn _veor5q_u64(a: Vec256, b: Vec256, c: Vec256, d: Vec256, e: Vec256) -> Vec256 { let ab = mm256_xor_si256(a, b); let cd = mm256_xor_si256(c, d); let abcd = mm256_xor_si256(ab, cd); @@ -19,30 +17,30 @@ fn _veor5q_u64(a: __m256i, b: __m256i, c: __m256i, d: __m256i, e: __m256i) -> __ } #[inline(always)] -fn _vrax1q_u64(a: __m256i, b: __m256i) -> __m256i { +fn _vrax1q_u64(a: Vec256, b: Vec256) -> Vec256 { mm256_xor_si256(a, rotate_left::<1, 63>(b)) } #[inline(always)] -fn _vxarq_u64(a: __m256i, b: __m256i) -> __m256i { +fn _vxarq_u64(a: Vec256, b: Vec256) -> Vec256 { let ab = mm256_xor_si256(a, b); rotate_left::(ab) } #[inline(always)] -fn _vbcaxq_u64(a: __m256i, b: __m256i, c: __m256i) -> __m256i { +fn _vbcaxq_u64(a: Vec256, b: Vec256, c: Vec256) -> Vec256 { mm256_xor_si256(a, mm256_andnot_si256(c, b)) } #[inline(always)] -fn _veorq_n_u64(a: __m256i, c: u64) -> __m256i { +fn _veorq_n_u64(a: Vec256, c: u64) -> Vec256 { // Casting here is required, doesn't change the value. let c = mm256_set1_epi64x(c as i64); mm256_xor_si256(a, c) } #[inline(always)] -pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [&[u8]; 4]) { +pub(crate) fn load_block(s: &mut [[Vec256; 5]; 5], blocks: [&[u8]; 4]) { debug_assert!(RATE <= blocks[0].len() && RATE % 8 == 0 && (RATE % 32 == 8 || RATE % 32 == 16)); for i in 0..RATE / 32 { let v0 = mm256_loadu_si256_u8(&blocks[0][32 * i..32 * (i + 1)]); @@ -94,10 +92,7 @@ pub(crate) fn load_block(s: &mut [[__m256i; 5]; 5], blocks: [ } #[inline(always)] -pub(crate) fn load_block_full( - s: &mut [[__m256i; 5]; 5], - blocks: [[u8; 200]; 4], -) { +pub(crate) fn load_block_full(s: &mut [[Vec256; 5]; 5], blocks: [[u8; 200]; 4]) { load_block::( s, [ @@ -110,7 +105,7 @@ pub(crate) fn load_block_full( } #[inline(always)] -pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [u8]; 4]) { +pub(crate) fn store_block(s: &[[Vec256; 5]; 5], out: [&mut [u8]; 4]) { for i in 0..RATE / 32 { let v0l = mm256_permute2x128_si256::<0x20>( s[(4 * i) / 5][(4 * i) % 5], @@ -164,7 +159,7 @@ pub(crate) fn store_block(s: &[[__m256i; 5]; 5], out: [&mut [ } #[inline(always)] -pub(crate) fn store_block_full(s: &[[__m256i; 5]; 5]) -> [[u8; 200]; 4] { +pub(crate) fn store_block_full(s: &[[Vec256; 5]; 5]) -> [[u8; 200]; 4] { let mut out0 = [0u8; 200]; let mut out1 = [0u8; 200]; let mut out2 = [0u8; 200]; @@ -193,7 +188,7 @@ fn split_at_mut_4(out: [&mut [u8]; 4], mid: usize) -> ([&mut [u8]; 4], [&mut [u8 ([out00, out10, out20, out30], [out01, out11, out21, out31]) } -impl KeccakItem<4> for __m256i { +impl KeccakItem<4> for Vec256 { #[inline(always)] fn zero() -> Self { mm256_set1_epi64x(0) From 822f616daf9669bbe37ee065dd7dca124353dc92 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Thu, 6 Jun 2024 15:12:33 +0200 Subject: [PATCH 22/74] nix: link using mold --- flake.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 689231107..d4c2c238b 100644 --- a/flake.nix +++ b/flake.nix @@ -38,15 +38,11 @@ ml-kem = craneLib.buildPackage { name = "ml-kem"; inherit src cargoArtifacts; - postPatch = '' - substituteInPlace libcrux-ml-kem/c/CMakeLists.txt \ - --replace " -flto" " # -flto" \ - --replace "add_link_options(-flto)" "#add_link_options(-flto)" - ''; nativeBuildInputs = [ pkgs.clang pkgs.cmake pkgs.gbenchmark + pkgs.mold-wrapped pkgs.ninja pkgs.python3 ]; @@ -57,6 +53,8 @@ cmake \ -DFETCHCONTENT_SOURCE_DIR_GOOGLETEST=${googletest} \ -DFETCHCONTENT_SOURCE_DIR_JSON=${json} \ + -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=mold" \ + -DCMAKE_SHARED_LINKER_FLAGS="-fuse-ld=mold" \ -G "Ninja Multi-Config" -B build cmake --build build --config Release ''; From a1eea98a98288b29e8c53d85eb8acf9983240a5d Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 7 Jun 2024 09:09:01 +0200 Subject: [PATCH 23/74] manual C fix for portable --- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 813f4fac4..ed7e13445 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -602,7 +602,8 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { Eurydice_slice, int16_t[16U], void *); core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + // XXX KB modified this line + memcpy(lit.elements, array.ptr, (size_t)16U * sizeof(int16_t)); return lit; } From cb80541540d071056798e81de3e976952aa2e521 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 7 Jun 2024 09:36:36 +0200 Subject: [PATCH 24/74] making the C code build on arm --- libcrux-ml-kem/c/benches/sha3.cc | 7 ++++++- libcrux-ml-kem/c/libcrux_core.c | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index fa077330f..9c5b88fb1 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -14,11 +14,14 @@ // This is only broken in C++ #define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) -#include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "internal/libcrux_core.h" + +#ifdef LIBCRUX_X64 +#include "intrinsics/libcrux_intrinsics_avx2.h" #include "internal/libcrux_sha3_avx2.h" +#endif void generate_random(uint8_t *output, uint32_t output_len) { @@ -56,6 +59,7 @@ sha3_512_64(benchmark::State &state) } } +#ifdef LIBCRUX_X64 static void shake128_34_504(benchmark::State &state) { @@ -132,5 +136,6 @@ BENCHMARK(sha3_512_64); BENCHMARK(shake128_34_504); BENCHMARK(shake256_1120_32); BENCHMARK(shake256_33_128); +#endif BENCHMARK_MAIN(); diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 95547276e..f3c81cf0c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -405,3 +405,10 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_arra KRML_HOST_EXIT(255U); } } + +void core_fmt_rt__core__fmt__rt__Argument__a__1__none( + core_fmt_rt_Argument x0[0U]){} + +core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( + Eurydice_slice x0, Eurydice_slice x1) {return NULL;} + From dcc3ebae1494941054b2277223f553d7cf82d1f2 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 7 Jun 2024 12:38:11 +0200 Subject: [PATCH 25/74] more tests --- libcrux-ml-kem/c/tests/mlkem768.cc | 343 ++++++++++++++++++----------- 1 file changed, 213 insertions(+), 130 deletions(-) diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index b03897d91..2d07d800e 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -23,6 +23,24 @@ using namespace std; typedef vector bytes; +template +Eurydice_slice mk_slice(T *x, size_t len) +{ + Eurydice_slice s; + s.ptr = (void *)x; + s.len = len; + return s; +} + +// Not really random +void generate_random(uint8_t *output, uint32_t output_len) +{ + for (size_t i = 0; i < output_len; i++) + { + output[i] = 13; + } +} + vector from_hex(const string &hex) { @@ -95,70 +113,72 @@ read_kats(string path) return kats; } -// void -// modify_ciphertext(uint8_t* ciphertext, size_t ciphertext_size) -// { -// uint8_t randomness[3]; -// generate_random(randomness, 3); +void modify_ciphertext(uint8_t *ciphertext, size_t ciphertext_size) +{ + uint8_t randomness[3]; + generate_random(randomness, 3); -// uint8_t random_byte = randomness[0]; -// if (random_byte == 0) { -// random_byte += 1; -// } + uint8_t random_byte = randomness[0]; + if (random_byte == 0) + { + random_byte += 1; + } -// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; -// uint16_t random_position = random_u16 % ciphertext_size; + uint16_t random_position = random_u16 % ciphertext_size; -// ciphertext[random_position] ^= random_byte; -// } + ciphertext[random_position] ^= random_byte; +} -// void -// modify_secret_key(uint8_t* secret_key, -// size_t secret_key_size, -// bool modify_implicit_rejection_value) -// { -// uint8_t randomness[3]; -// generate_random(randomness, 3); +void modify_secret_key(uint8_t *secret_key, + size_t secret_key_size, + bool modify_implicit_rejection_value) +{ + uint8_t randomness[3]; + generate_random(randomness, 3); -// uint8_t random_byte = randomness[0]; -// if (random_byte == 0) { -// random_byte += 1; -// } + uint8_t random_byte = randomness[0]; + if (random_byte == 0) + { + random_byte += 1; + } -// uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; + uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; -// uint16_t random_position = 0; + uint16_t random_position = 0; -// if (modify_implicit_rejection_value == true) { -// random_position = (secret_key_size - 32) + (random_u16 % 32); -// } else { -// random_position = random_u16 % (secret_key_size - 32); -// } + if (modify_implicit_rejection_value == true) + { + random_position = (secret_key_size - 32) + (random_u16 % 32); + } + else + { + random_position = random_u16 % (secret_key_size - 32); + } -// secret_key[random_position] ^= random_byte; -// } + secret_key[random_position] ^= random_byte; +} -// uint8_t* -// compute_implicit_rejection_shared_secret(uint8_t* ciphertext, -// size_t ciphertext_size, -// uint8_t* secret_key, -// size_t secret_key_size) -// { -// uint8_t* hashInput = new uint8_t[32 + ciphertext_size]; -// uint8_t* sharedSecret = new uint8_t[32]; +uint8_t * +compute_implicit_rejection_shared_secret(uint8_t *ciphertext, + size_t ciphertext_size, + uint8_t *secret_key, + size_t secret_key_size) +{ + uint8_t *hashInput = new uint8_t[32 + ciphertext_size]; + uint8_t *sharedSecret = new uint8_t[32]; -// std::copy(secret_key + (secret_key_size - 32), -// secret_key + secret_key_size, -// hashInput); -// std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); + std::copy(secret_key + (secret_key_size - 32), + secret_key + secret_key_size, + hashInput); + std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); -// Hacl_Hash_SHA3_shake256_hacl( -// 32 + ciphertext_size, hashInput, 32, sharedSecret); + libcrux_sha3_sha256(mk_slice(hashInput, 32 + ciphertext_size), sharedSecret); -// delete[] hashInput; -// return sharedSecret; -// } + delete[] hashInput; + return sharedSecret; +} #ifdef LIBCRUX_X64 TEST(MlKem768TestAvx2, ConsistencyTest) @@ -183,25 +203,15 @@ TEST(MlKem768TestPortable, ConsistencyTest) { uint8_t randomness[64]; for (int i = 0; i < 64; i++) + { randomness[i] = 13; - // generate_random(randomness, 64); + } auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - // printf("pk: "); - // print_hex_ln(1184, key_pair.pk.value); - // printf("sk: "); - // print_hex_ln(2400, key_pair.sk.value); - // generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - // printf("ctxt: "); - // print_hex_ln(1088U, ctxt.fst.value); - // printf("secret: "); - // print_hex_ln(32, ctxt.snd); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - // printf("secret2: "); - // print_hex_ln(32, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, @@ -209,38 +219,77 @@ TEST(MlKem768TestPortable, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } -// TEST(Kyber768Test, ModifiedCiphertextTest) -// { -// uint8_t randomness[64]; -// generate_random(randomness, 64); -// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); +TEST(Kyber768TestPortable, ModifiedCiphertextTest) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); -// generate_random(randomness, 32); -// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); -// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; -// modify_ciphertext(ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + modify_ciphertext(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); -// EXPECT_NE(0, -// memcmp(ctxt.snd, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + EXPECT_NE(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -// uint8_t* implicitRejectionSharedSecret = -// compute_implicit_rejection_shared_secret( -// ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, -// key_pair.sk.value, -// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); + uint8_t *implicitRejectionSharedSecret = + compute_implicit_rejection_shared_secret( + ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, + key_pair.sk.value, + LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); -// EXPECT_EQ(0, -// memcmp(implicitRejectionSharedSecret, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -// delete[] implicitRejectionSharedSecret; -// } + cout << "implicitRejectionSS: " << bytes_to_hex(bytes(implicitRejectionSharedSecret, implicitRejectionSharedSecret + 32)) << endl; + cout << "sharedSecret2: " << bytes_to_hex(bytes(sharedSecret2, sharedSecret2 + 32)) << endl; + EXPECT_EQ(0, + memcmp(implicitRejectionSharedSecret, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + delete[] implicitRejectionSharedSecret; +} + +#ifdef LIBCRUX_X64 +TEST(Kyber768TestAvx2, ModifiedCiphertextTest) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + modify_ciphertext(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_NE(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t *implicitRejectionSharedSecret = + compute_implicit_rejection_shared_secret( + ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, + key_pair.sk.value, + LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); + + cout << "implicitRejectionSS: " << bytes_to_hex(bytes(implicitRejectionSharedSecret, implicitRejectionSharedSecret + 32)) << endl; + cout << "sharedSecret2: " << bytes_to_hex(bytes(sharedSecret2, sharedSecret2 + 32)) << endl; + EXPECT_EQ(0, + memcmp(implicitRejectionSharedSecret, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + delete[] implicitRejectionSharedSecret; +} +#endif // LIBCRUX_X64 // TEST(Kyber768Test, ModifiedSecretKeyTest) // { @@ -278,59 +327,93 @@ TEST(MlKem768TestPortable, ConsistencyTest) // delete[] implicitRejectionSharedSecret; // } -TEST(MlKem768Test, NISTKnownAnswerTest) +#ifdef LIBCRUX_X64 +TEST(MlKem768TestAvx2, NISTKnownAnswerTest) { // XXX: This should be done in a portable way. auto kats = read_kats("tests/mlkem768_nistkats.json"); for (auto kat : kats) { - // auto key_pair = - // libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); - -#ifdef LIBCRUX_X64 - auto key_pair_avx2 = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); -#endif + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); uint8_t pk_hash[32]; - // libcrux_sha3_sha256( - // EURYDICE_SLICE(key_pair.pk.value, 0, - // LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), - // pk_hash); - // EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); + libcrux_sha3_sha256( + mk_slice(key_pair.pk.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), + pk_hash); + EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); -#ifdef LIBCRUX_X64 + uint8_t sk_hash[32]; + libcrux_sha3_sha256( + mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); + EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); + + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate( + &key_pair.pk, kat.encapsulation_seed.data()); + uint8_t ct_hash[32]; + libcrux_sha3_sha256( + mk_slice(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), + ct_hash); + EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); + EXPECT_EQ(0, + memcmp(ctxt.snd, + kat.shared_secret.data(), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + } +} +#endif // LIBCRUX_X64 + +TEST(MlKem768TestPortable, NISTKnownAnswerTest) +{ + // XXX: This should be done in a portable way. + auto kats = read_kats("tests/mlkem768_nistkats.json"); + + for (auto kat : kats) + { + auto key_pair = + libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); + + uint8_t pk_hash[32]; libcrux_sha3_sha256( - EURYDICE_SLICE(key_pair_avx2.pk.value, 0, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), + mk_slice(key_pair.pk.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), pk_hash); EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); -#endif - // uint8_t sk_hash[32]; - // libcrux_sha3_sha256( - // EURYDICE_SLICE(key_pair.sk.value, 0, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); - // EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - - // auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( - // &key_pair.pk, kat.encapsulation_seed.data()); - // uint8_t ct_hash[32]; - // libcrux_sha3_sha256( - // EURYDICE_SLICE(ctxt.fst.value, 0, - // LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - // ct_hash); - // EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - // EXPECT_EQ(0, - // memcmp(ctxt.snd, - // kat.shared_secret.data(), - // LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - // uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - // libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - // EXPECT_EQ(0, - // memcmp(ctxt.snd, - // sharedSecret2, - // LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + uint8_t sk_hash[32]; + libcrux_sha3_sha256( + mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); + EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); + + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( + &key_pair.pk, kat.encapsulation_seed.data()); + uint8_t ct_hash[32]; + libcrux_sha3_sha256( + mk_slice(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), + ct_hash); + EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); + EXPECT_EQ(0, + memcmp(ctxt.snd, + kat.shared_secret.data(), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } From 582b342ab5c6d30ab05b676969e77fd981a397a2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 7 Jun 2024 19:33:20 +0200 Subject: [PATCH 26/74] fixed test --- libcrux-ml-kem/c/tests/mlkem768.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 2d07d800e..5244f046b 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -168,13 +168,16 @@ compute_implicit_rejection_shared_secret(uint8_t *ciphertext, { uint8_t *hashInput = new uint8_t[32 + ciphertext_size]; uint8_t *sharedSecret = new uint8_t[32]; + Eurydice_slice ss; + ss.ptr = (void*) sharedSecret; + ss.len = 32; std::copy(secret_key + (secret_key_size - 32), secret_key + secret_key_size, hashInput); std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); - libcrux_sha3_sha256(mk_slice(hashInput, 32 + ciphertext_size), sharedSecret); + libcrux_sha3_portable_shake256(ss,mk_slice(hashInput, 32 + ciphertext_size)); delete[] hashInput; return sharedSecret; @@ -245,8 +248,7 @@ TEST(Kyber768TestPortable, ModifiedCiphertextTest) key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - cout << "implicitRejectionSS: " << bytes_to_hex(bytes(implicitRejectionSharedSecret, implicitRejectionSharedSecret + 32)) << endl; - cout << "sharedSecret2: " << bytes_to_hex(bytes(sharedSecret2, sharedSecret2 + 32)) << endl; + EXPECT_EQ(0, memcmp(implicitRejectionSharedSecret, sharedSecret2, From f52bb2a837c3cb84ef1480ed253a53afd7ce7198 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 7 Jun 2024 19:44:30 +0200 Subject: [PATCH 27/74] enable all tests --- libcrux-ml-kem/c/tests/mlkem768.cc | 195 ++++++++++++++++------------- 1 file changed, 111 insertions(+), 84 deletions(-) diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 5244f046b..69b874e92 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -15,10 +15,6 @@ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" -#ifdef LIBCRUX_X64 -#include "libcrux_mlkem768_avx2.h" -#endif - using namespace std; typedef vector bytes; @@ -169,7 +165,7 @@ compute_implicit_rejection_shared_secret(uint8_t *ciphertext, uint8_t *hashInput = new uint8_t[32 + ciphertext_size]; uint8_t *sharedSecret = new uint8_t[32]; Eurydice_slice ss; - ss.ptr = (void*) sharedSecret; + ss.ptr = (void *)sharedSecret; ss.len = 32; std::copy(secret_key + (secret_key_size - 32), @@ -177,31 +173,12 @@ compute_implicit_rejection_shared_secret(uint8_t *ciphertext, hashInput); std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); - libcrux_sha3_portable_shake256(ss,mk_slice(hashInput, 32 + ciphertext_size)); + libcrux_sha3_portable_shake256(ss, mk_slice(hashInput, 32 + ciphertext_size)); delete[] hashInput; return sharedSecret; } -#ifdef LIBCRUX_X64 -TEST(MlKem768TestAvx2, ConsistencyTest) -{ - uint8_t randomness[64]; - for (int i = 0; i < 64; i++) - randomness[i] = 13; - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} -#endif - TEST(MlKem768TestPortable, ConsistencyTest) { uint8_t randomness[64]; @@ -248,7 +225,6 @@ TEST(Kyber768TestPortable, ModifiedCiphertextTest) key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - EXPECT_EQ(0, memcmp(implicitRejectionSharedSecret, sharedSecret2, @@ -256,88 +232,51 @@ TEST(Kyber768TestPortable, ModifiedCiphertextTest) delete[] implicitRejectionSharedSecret; } -#ifdef LIBCRUX_X64 -TEST(Kyber768TestAvx2, ModifiedCiphertextTest) +TEST(Kyber768TestPortable, ModifiedSecretKeyTest) { uint8_t randomness[64]; generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - modify_ciphertext(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + modify_secret_key( + key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); EXPECT_NE(0, memcmp(ctxt.snd, sharedSecret2, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + modify_secret_key( + ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + uint8_t *implicitRejectionSharedSecret = compute_implicit_rejection_shared_secret( ctxt.fst.value, LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - - cout << "implicitRejectionSS: " << bytes_to_hex(bytes(implicitRejectionSharedSecret, implicitRejectionSharedSecret + 32)) << endl; - cout << "sharedSecret2: " << bytes_to_hex(bytes(sharedSecret2, sharedSecret2 + 32)) << endl; EXPECT_EQ(0, memcmp(implicitRejectionSharedSecret, sharedSecret2, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); delete[] implicitRejectionSharedSecret; } -#endif // LIBCRUX_X64 - -// TEST(Kyber768Test, ModifiedSecretKeyTest) -// { -// uint8_t randomness[64]; -// generate_random(randomness, 64); -// auto key_pair = libcrux_ml_kem_mlkem768_generate_key_pair(randomness); - -// generate_random(randomness, 32); -// auto ctxt = libcrux_ml_kem_mlkem768_encapsulate(&key_pair.pk, randomness); - -// uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; -// modify_secret_key( -// key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - -// EXPECT_NE(0, -// memcmp(ctxt.snd, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - -// modify_secret_key( -// ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); -// libcrux_ml_kem_mlkem768_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - -// uint8_t* implicitRejectionSharedSecret = -// compute_implicit_rejection_shared_secret( -// ctxt.fst.value, -// LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, -// key_pair.sk.value, -// LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); -// EXPECT_EQ(0, -// memcmp(implicitRejectionSharedSecret, -// sharedSecret2, -// LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -// delete[] implicitRejectionSharedSecret; -// } -#ifdef LIBCRUX_X64 -TEST(MlKem768TestAvx2, NISTKnownAnswerTest) +TEST(MlKem768TestPortable, NISTKnownAnswerTest) { // XXX: This should be done in a portable way. auto kats = read_kats("tests/mlkem768_nistkats.json"); for (auto kat : kats) { - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); + auto key_pair = + libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); uint8_t pk_hash[32]; libcrux_sha3_sha256( @@ -351,7 +290,7 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest) mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate( + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( &key_pair.pk, kat.encapsulation_seed.data()); uint8_t ct_hash[32]; libcrux_sha3_sha256( @@ -365,7 +304,7 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, @@ -373,17 +312,104 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } -#endif // LIBCRUX_X64 -TEST(MlKem768TestPortable, NISTKnownAnswerTest) +#ifdef LIBCRUX_X64 +#include "libcrux_mlkem768_avx2.h" + +TEST(MlKem768TestAvx2, ConsistencyTest) +{ + uint8_t randomness[64]; + for (int i = 0; i < 64; i++) + randomness[i] = 13; + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + +TEST(Kyber768TestAvx2, ModifiedCiphertextTest) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + modify_ciphertext(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_NE(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t *implicitRejectionSharedSecret = + compute_implicit_rejection_shared_secret( + ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, + key_pair.sk.value, + LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); + + EXPECT_EQ(0, + memcmp(implicitRejectionSharedSecret, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + delete[] implicitRejectionSharedSecret; +} + +TEST(Kyber768TestAvx2, ModifiedSecretKeyTest) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + modify_secret_key( + key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_NE(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + modify_secret_key( + ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + uint8_t *implicitRejectionSharedSecret = + compute_implicit_rejection_shared_secret( + ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, + key_pair.sk.value, + LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); + EXPECT_EQ(0, + memcmp(implicitRejectionSharedSecret, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + delete[] implicitRejectionSharedSecret; +} + +TEST(MlKem768TestAvx2, NISTKnownAnswerTest) { // XXX: This should be done in a portable way. auto kats = read_kats("tests/mlkem768_nistkats.json"); for (auto kat : kats) { - auto key_pair = - libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); uint8_t pk_hash[32]; libcrux_sha3_sha256( @@ -397,7 +423,7 @@ TEST(MlKem768TestPortable, NISTKnownAnswerTest) mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate( &key_pair.pk, kat.encapsulation_seed.data()); uint8_t ct_hash[32]; libcrux_sha3_sha256( @@ -411,7 +437,7 @@ TEST(MlKem768TestPortable, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, @@ -419,3 +445,4 @@ TEST(MlKem768TestPortable, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } +#endif // LIBCRUX_X64 From 5c93ae41992a6988312d4ac79ca77767bca35b71 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 7 Jun 2024 20:18:16 +0200 Subject: [PATCH 28/74] drop libcrux-sha3/c --- libcrux-sha3/c/core.c | 28 - libcrux-sha3/c/core.h | 33 - libcrux-sha3/c/eurydice_glue.h | 240 -- libcrux-sha3/c/internal/core.h | 66 - libcrux-sha3/c/internal/libcrux_sha3.h | 31 - libcrux-sha3/c/internal/libcrux_sha3_avx2.h | 463 --- libcrux-sha3/c/libcrux_sha3.c | 3268 ------------------- libcrux-sha3/c/libcrux_sha3.h | 951 ------ libcrux-sha3/c/libcrux_sha3_avx2.c | 2721 --------------- libcrux-sha3/c/libcrux_sha3_avx2.h | 170 - libcrux-sha3/c/libcrux_sha3_neon.c | 179 - libcrux-sha3/c/libcrux_sha3_neon.h | 68 - 12 files changed, 8218 deletions(-) delete mode 100644 libcrux-sha3/c/core.c delete mode 100644 libcrux-sha3/c/core.h delete mode 100644 libcrux-sha3/c/eurydice_glue.h delete mode 100644 libcrux-sha3/c/internal/core.h delete mode 100644 libcrux-sha3/c/internal/libcrux_sha3.h delete mode 100644 libcrux-sha3/c/internal/libcrux_sha3_avx2.h delete mode 100644 libcrux-sha3/c/libcrux_sha3.c delete mode 100644 libcrux-sha3/c/libcrux_sha3.h delete mode 100644 libcrux-sha3/c/libcrux_sha3_avx2.c delete mode 100644 libcrux-sha3/c/libcrux_sha3_avx2.h delete mode 100644 libcrux-sha3/c/libcrux_sha3_neon.c delete mode 100644 libcrux-sha3/c/libcrux_sha3_neon.h diff --git a/libcrux-sha3/c/core.c b/libcrux-sha3/c/core.c deleted file mode 100644 index 7275df06c..000000000 --- a/libcrux-sha3/c/core.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/core.h" - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -) -{ - if (self.tag == core_result_Ok) - { - uint8_t f0[8U]; - memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof (uint8_t)); - memcpy(ret, f0, (size_t)8U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - diff --git a/libcrux-sha3/c/core.h b/libcrux-sha3/c/core.h deleted file mode 100644 index 35544bbd3..000000000 --- a/libcrux-sha3/c/core.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __core_H -#define __core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct core_ops_range_Range__size_t_s -{ - size_t start; - size_t end; -} -core_ops_range_Range__size_t; - -extern uint8_t Eurydice_bitand_pv_u8(uint8_t *x, uint8_t y); - -extern uint8_t Eurydice_shr_pv_u8(uint8_t *x, int32_t y); - -#if defined(__cplusplus) -} -#endif - -#define __core_H_DEFINED -#endif diff --git a/libcrux-sha3/c/eurydice_glue.h b/libcrux-sha3/c/eurydice_glue.h deleted file mode 100644 index 0235fbeea..000000000 --- a/libcrux-sha3/c/eurydice_glue.h +++ /dev/null @@ -1,240 +0,0 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "krml/lowstar_endianness.h" -#include "krml/internal/target.h" - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) - -// SLICES, ARRAYS, ETC. - -// We represent a slice as a pair of an (untyped) pointer, along with the length of the slice, i.e. -// the number of elements in the slice (this is NOT the number of bytes). This design choice has two -// important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you need to multiply it -// by sizeof t, where t is the type of the elements. -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x (included), and an end -// index in x (excluded). The argument x must be suitably cast to something that can decay (see -// remark above about how pointer arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) ((Eurydice_slice){ .ptr = (void*)(x + start), .len = end - start }) -#define EURYDICE_SLICE_LEN(s, _) s.len -#define Eurydice_slice_index(s, i, t, _ret_t) (((t*) s.ptr)[i]) -#define Eurydice_slice_index_outparam(s, i, dst, t, _ret_t) (memcpy(dst, ((t*) s.ptr)[i], sizeof(t))) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, r.start, r.end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) EURYDICE_SLICE((t*)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) EURYDICE_SLICE(x, 0, end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) EURYDICE_SLICE((t*)x, r.start, r.end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) EURYDICE_SLICE((t*)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) ((Eurydice_slice){ .ptr = ptr_, .len = len_ }) - -#define core_array___core__clone__Clone_for__Array_T__N___20__clone(len, src, dst, elem_type, _ret_t) \ - (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){ \ - .fst = EURYDICE_SLICE((element_type*)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type*)slice.ptr, mid, slice.len)}) - - -// Can't have a flexible array as a member of a union -- this violates strict aliasing rules. -typedef struct -{ - uint8_t tag; - uint8_t case_Ok[]; -} -result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { - uint32_t x = htobe32(src); - memcpy(dst, &x, 4); -} - -static inline void core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8]) { - store64_le(buf,v); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - return load64_le(buf); -} - -static inline int64_t -core_convert_num___core__convert__From_i32__for_i64__59__from(int32_t x) { - return x; -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } - -static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { - *x0 = *x0 + *x1; -} - -static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { return (*p) & v; } -static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } - -// ITERATORS - -#define core_num_nonzero_NonZeroUsize size_t -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) ( \ - ((iter_ptr)->start == (iter_ptr)->end) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t) { .tag = core_option_Some, .f0 = (iter_ptr)->start++ }) \ - ) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter Eurydice_into_iter - -typedef struct { - Eurydice_slice slice; - size_t chunk_size; -} Eurydice_chunks; - - -// Can't use macros Eurydice_slice_subslice_{to,from} because they require a type, and this static -// inline function cannot receive a type as an argument. Instead, we receive the element size and -// use it to peform manual offset computations rather than going through the macros. -static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t element_size) { - size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = ((Eurydice_slice) { .ptr = chunks->slice.ptr, .len = chunk_size }); - chunks->slice = ((Eurydice_slice) { - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size - }); - return curr_chunk; -} - -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ .slice = slice_, .chunk_size = sz_ }) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) ((Eurydice_chunks){ \ - .slice = { .ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_) }, \ - .chunk_size = sz_ }) -#define core_slice_iter_Chunks Eurydice_chunks -#define core_slice_iter_ChunksExact Eurydice_chunks -#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = chunk_next(iter, sizeof(t)) })) -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next(iter, t, _ret_t) \ - core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) - -typedef struct { - Eurydice_slice s; - size_t index; -} Eurydice_slice_iterator; - -#define core_slice___Slice_T___iter(x, t, _ret_t) ((Eurydice_slice_iterator){ .s = x, .index = 0 }) -#define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, ret_t) \ - (((iter)->index == (iter)->s.len) ? \ - ((ret_t) { .tag = core_option_None }) : \ - ((ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, &((t*)((iter)->s.ptr))[(iter)->index-1]) })) - -// STRINGS - -typedef const char *Prims_string; - -// MISC (UNTESTED) - -typedef void *core_fmt_Formatter; -typedef void *core_fmt_Arguments; -typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, x4) NULL - -// VECTORS (ANCIENT, POSSIBLY UNTESTED) - -/* For now these are passed by value -- three words. We could conceivably change - * the representation to heap-allocate this struct and only pass around the - * pointer (one word). */ -typedef struct { - void *ptr; - size_t len; /* the number of elements */ - size_t alloc_size; /* the size of the allocation, in number of BYTES */ -} Eurydice_vec_s, *Eurydice_vec; - -/* Here, we set everything to zero rather than use a non-standard GCC - * statement-expression -- this suitably initializes ptr to NULL and len and - * size to 0. */ -#define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size/sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX/2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX/sizeof(t))*sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t*)v->ptr)[v->len] = x; \ - v->len++; \ - } while (0) - -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ - } while (0) - -#define EURYDICE_VEC_INDEX(v, i, t) &((t*) v->ptr)[i] -#define EURYDICE_VEC_LEN(v, t) (v)->len - -/* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) ({ t *p = malloc(sizeof(t)); *p = x; p; }) - -#define EURYDICE_REPLACE(ptr, new_v, t) ({ t old_v = *ptr; *ptr = new_v; old_v; }) - -#if defined(__cplusplus) -} -#endif diff --git a/libcrux-sha3/c/internal/core.h b/libcrux-sha3/c/internal/core.h deleted file mode 100644 index 168229151..000000000 --- a/libcrux-sha3/c/internal/core.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_core_H -#define __internal_core_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../core.h" -#include "eurydice_glue.h" - -#define core_option_None 0 -#define core_option_Some 1 - -typedef uint8_t core_option_Option__size_t_tags; - -typedef struct core_option_Option__size_t_s -{ - core_option_Option__size_t_tags tag; - size_t f0; -} -core_option_Option__size_t; - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none(core_fmt_rt_Argument x0[0U]); - -extern core_fmt_Arguments -core_fmt__core__fmt__Arguments__a__2__new_v1(Eurydice_slice x0, Eurydice_slice x1); - -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_tags; - -typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s -{ - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError; - -void -core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError self, - uint8_t ret[8U] -); - -#if defined(__cplusplus) -} -#endif - -#define __internal_core_H_DEFINED -#endif diff --git a/libcrux-sha3/c/internal/libcrux_sha3.h b/libcrux-sha3/c/internal/libcrux_sha3.h deleted file mode 100644 index 5ca4022b5..000000000 --- a/libcrux-sha3/c/internal/libcrux_sha3.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_sha3_H -#define __internal_libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/core.h" -#include "../libcrux_sha3.h" -#include "eurydice_glue.h" - -typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s -{ - Eurydice_slice fst; - Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-sha3/c/internal/libcrux_sha3_avx2.h b/libcrux-sha3/c/internal/libcrux_sha3_avx2.h deleted file mode 100644 index 8bf44a565..000000000 --- a/libcrux-sha3/c/internal/libcrux_sha3_avx2.h +++ /dev/null @@ -1,463 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __internal_libcrux_sha3_avx2_H -#define __internal_libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "internal/libcrux_sha3.h" -#include "internal/core.h" -#include "../libcrux_sha3_avx2.h" -#include "eurydice_glue.h" - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -void -libcrux_sha3_simd_avx2_store_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -); - -void -libcrux_sha3_simd_avx2_load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -); - -void -libcrux_sha3_simd_avx2_load_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t ret[4U][200U] -); - -void -libcrux_sha3_simd_avx2_store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t ret[4U][200U] -); - -void -libcrux_sha3_simd_avx2_store_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -); - -void -libcrux_sha3_simd_avx2_load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x); - -void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -); - -void -libcrux_sha3_simd_avx2_load_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -); - -core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-sha3/c/libcrux_sha3.c b/libcrux-sha3/c/libcrux_sha3.c deleted file mode 100644 index c82f8da13..000000000 --- a/libcrux-sha3/c/libcrux_sha3.c +++ /dev/null @@ -1,3268 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "internal/libcrux_sha3.h" - -#include "internal/core.h" - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) -{ - size_t uu____0; - switch (mode) - { - case libcrux_sha3_Sha224: - { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = (size_t)64U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -inline void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha224(digest, payload); -} - -inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) -{ - uint8_t out[28U] = { 0U }; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)28U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha256(digest, payload); -} - -inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) -{ - uint8_t out[32U] = { 0U }; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)32U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha384(digest, payload); -} - -inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) -{ - uint8_t out[48U] = { 0U }; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)48U * sizeof (uint8_t)); -} - -inline void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) -{ - libcrux_sha3_portable_sha512(digest, payload); -} - -inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) -{ - uint8_t out[64U] = { 0U }; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), - data); - memcpy(ret, out, (size_t)64U * sizeof (uint8_t)); -} - -const -size_t -libcrux_sha3_generic_keccak__ROTC[24U] = - { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, (size_t)44U, (size_t)6U, - (size_t)55U, (size_t)20U, (size_t)3U, (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, - (size_t)41U, (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, - (size_t)61U, (size_t)56U, (size_t)14U - }; - -const -size_t -libcrux_sha3_generic_keccak__PI[24U] = - { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, (size_t)9U, (size_t)10U, - (size_t)16U, (size_t)22U, (size_t)1U, (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, - (size_t)4U, (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, (size_t)8U, - (size_t)14U, (size_t)15U, (size_t)21U - }; - -const -uint64_t -libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = - { - 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, - 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, - 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, - 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, - 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL - }; - -inline uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - uint64_t ab = a ^ b; - uint64_t cd = c ^ d; - uint64_t abcd = ab ^ cd; - return abcd ^ e; -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; -} - -inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) -{ - uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(b); -} - -inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) -{ - return a ^ (b & ~c); -} - -inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) -{ - return a ^ c; -} - -inline void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - ret[0U] = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) -{ - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out[0U], - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ lit; - lit.fst[0U] = out00; - lit.snd[0U] = out01; - return lit; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void) -{ - return 0ULL; -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -) -{ - return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -) -{ - return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -) -{ - return a ^ b; -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (Eurydice_slice)); -} - -inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -) -{ - return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); -} - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v) -{ - libcrux_sha3_Algorithm uu____0; - switch (v) - { - case 1U: - { - uu____0 = libcrux_sha3_Sha224; - break; - } - case 2U: - { - uu____0 = libcrux_sha3_Sha256; - break; - } - case 3U: - { - uu____0 = libcrux_sha3_Sha384; - break; - } - case 4U: - { - uu____0 = libcrux_sha3_Sha512; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } - } - return uu____0; -} - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -) -{ - uint32_t uu____0; - switch (v) - { - case libcrux_sha3_Sha224: - { - uu____0 = 1U; - break; - } - case libcrux_sha3_Sha256: - { - uu____0 = 2U; - break; - } - case libcrux_sha3_Sha384: - { - uu____0 = 3U; - break; - } - case libcrux_sha3_Sha512: - { - uu____0 = 4U; - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; - lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); - return lit; -} - -inline void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, uu____1); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); -} - -inline uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x) -{ - return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; -} - -inline uint64_t -libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b) -{ - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(ab); -} - -inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -) -{ - return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][0U], - s->st[1U][0U], - s->st[2U][0U], - s->st[3U][0U], - s->st[4U][0U]); - uint64_t - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][1U], - s->st[1U][1U], - s->st[2U][1U], - s->st[3U][1U], - s->st[4U][1U]); - uint64_t - uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][2U], - s->st[1U][2U], - s->st[2U][2U], - s->st[3U][2U], - s->st[4U][2U]); - uint64_t - uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][3U], - s->st[1U][3U], - s->st[2U][3U], - s->st[3U][3U], - s->st[4U][3U]); - uint64_t - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - uint64_t - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)0U - + (size_t)4U) - % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)1U - + (size_t)4U) - % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)2U - + (size_t)4U) - % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64_t - uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)3U - + (size_t)4U) - % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64_t - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor(c[((size_t)4U - + (size_t)4U) - % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - uint64_t - uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor(s->st[0U][0U], - t[0U]); - s->st[0U][0U] = uu____8; - uint64_t - uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - uint64_t - uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - uint64_t - uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - uint64_t - uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - uint64_t - uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - uint64_t - uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - uint64_t - uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - uint64_t - uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - uint64_t - uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - uint64_t - uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - s->st[0U][2U] = uu____18; - uint64_t - uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - uint64_t - uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - uint64_t - uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - uint64_t - uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - uint64_t - uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - uint64_t - uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - uint64_t - uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - uint64_t - uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - uint64_t - uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - uint64_t - uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - s->st[0U][4U] = uu____28; - uint64_t - uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - uint64_t - uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - uint64_t - uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - uint64_t - uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -inline void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - uint64_t [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - uint64_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (uint64_t [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { - size_t j = i; - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } -} - -inline void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -) -{ - uint64_t - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant(s->st[0U][0U], - libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___72size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___72size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___72size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___72size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)72U, - (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)72U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)72U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___72size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___144size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___144size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___144size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___144size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)144U, - (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___144size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___136size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___136size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___104size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___104size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___104size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___104size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)104U, - (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___104size_t_6uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, - Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, - uint8_t [8U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError(dst, - ret); - uint64_t uu____0 = core_num__u64_9__from_le_bytes(ret); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = s[uu____1][uu____2] ^ uu____0; - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - uint64_t (*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -) -{ - uint64_t (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_load_block___168size_t(uu____0, buf); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -) -{ - uint64_t (*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak_load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t out[200U] = { 0U }; - uint64_t (*uu____0)[5U] = s; - Eurydice_slice - buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice) }; - libcrux_sha3_portable_keccak_store_block___168size_t(uu____0, buf); - uint8_t uu____1[200U]; - memcpy(uu____1, out, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____1, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -) -{ - uint8_t ret0[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); - memcpy(ret, ret0, (size_t)1U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -) -{ - libcrux_sha3_portable_keccak_store_block___168size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)168U, - (size_t)168U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___168size_t_31uint8_t(buf0, buf); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - uint64_t (*uu____1)[5U] = s->st; - uint8_t uu____2[1U][200U]; - memcpy(uu____2, blocks, (size_t)1U * sizeof (uint8_t [200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); -} - -inline void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____1, - i0 * (size_t)136U, - (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t(uu____0, ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, - ret); - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t(&s, out); - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)136U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t(&s, o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o1, - (size_t)136U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -) -{ - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t(uu____0, out); -} - -inline void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data) -{ - Eurydice_slice buf0[1U] = { data }; - Eurydice_slice buf[1U] = { digest }; - libcrux_sha3_portable_keccakx1___136size_t_31uint8_t(buf0, buf); -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -) -{ - return self[0U]; -} - -inline libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t(); -} - -inline void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -) -{ - Eurydice_slice buf[1U] = { data0 }; - libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t(s, buf); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -) -{ - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(out, - (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ - uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n(o10, - (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof (Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, o2); -} - -inline void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t(s, buf); -} - -inline void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -) -{ - Eurydice_slice buf[1U] = { out0 }; - libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t(s, buf); -} - diff --git a/libcrux-sha3/c/libcrux_sha3.h b/libcrux-sha3/c/libcrux_sha3.h deleted file mode 100644 index 66384185c..000000000 --- a/libcrux-sha3/c/libcrux_sha3.h +++ /dev/null @@ -1,951 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_H -#define __libcrux_sha3_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "core.h" -#include "eurydice_glue.h" - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode); - -void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]); - -void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]); - -void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]); - -void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload); - -void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]); - -extern const size_t libcrux_sha3_generic_keccak__ROTC[24U]; - -extern const size_t libcrux_sha3_generic_keccak__PI[24U]; - -extern const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U]; - -uint64_t -libcrux_sha3_portable_keccak__veor5q_u64( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___1int32_t_63int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b); - -uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c); - -uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c); - -void -libcrux_sha3_portable_keccak_slice_1( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -typedef struct K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t__s -{ - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_; - -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(void); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( - uint64_t a, - uint64_t b, - uint64_t c, - uint64_t d, - uint64_t e -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( - uint64_t a, - uint64_t b -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( - uint64_t a, - uint64_t b, - uint64_t c -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( - uint64_t a, - uint64_t c -); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( - Eurydice_slice a[1U], - size_t start, - size_t len, - Eurydice_slice ret[1U] -); - -K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( - Eurydice_slice a[1U], - size_t mid -); - -libcrux_sha3_Algorithm -libcrux_sha3___core__convert__From_u32__for_libcrux_sha3__Algorithm___from(uint32_t v); - -uint32_t -libcrux_sha3___core__convert__From_libcrux_sha3__Algorithm__for_u32__1__from( - libcrux_sha3_Algorithm v -); - -typedef struct libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t_s -{ uint64_t st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__uint64_t_1size_t( - void -); - -void -libcrux_sha3_portable_keccak_load_block___72size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___36int32_t_28int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___3int32_t_61int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___41int32_t_23int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___18int32_t_46int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___44int32_t_20int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___10int32_t_54int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___45int32_t_19int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___2int32_t_62int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___62int32_t_2int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___6int32_t_58int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___43int32_t_21int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___15int32_t_49int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___61int32_t_3int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___28int32_t_36int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___55int32_t_9int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___25int32_t_39int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___21int32_t_43int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___56int32_t_8int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___27int32_t_37int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___20int32_t_44int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___39int32_t_25int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___8int32_t_56int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( - uint64_t a, - uint64_t b -); - -uint64_t libcrux_sha3_portable_keccak_rotate_left___14int32_t_50int32_t(uint64_t x); - -uint64_t libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, uint64_t b); - -uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( - uint64_t a, - uint64_t b -); - -void -libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___72size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___72size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___72size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_portable_keccak_load_block___144size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___144size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___144size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___144size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_portable_keccak_load_block___136size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___136size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___136size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_portable_keccak_load_block___104size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___104size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___104size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___104size_t_6uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_portable_keccak_load_block___168size_t( - uint64_t (*s)[5U], - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice blocks[1U] -); - -void -libcrux_sha3_portable_keccak_load_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t blocks[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t b[1U][200U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_portable_keccak_store_block___168size_t(uint64_t (*s)[5U], Eurydice_slice out[1U]); - -void -libcrux_sha3_portable_keccak_store_block_full___168size_t( - uint64_t (*s)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( - uint64_t (*a)[5U], - uint8_t ret[1U][200U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( - uint64_t (*a)[5U], - Eurydice_slice b[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___168size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_shake128(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice last[1U] -); - -void -libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_keccakx1___136size_t_31uint8_t( - Eurydice_slice data[1U], - Eurydice_slice out[1U] -); - -void libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data); - -typedef libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_KeccakState1; - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable___core__clone__Clone_for_libcrux_sha3__portable__KeccakState1___clone( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *self -); - -libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t -libcrux_sha3_portable_incremental_shake128_init(void); - -void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice data0 -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out[1U] -); - -void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - -void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, - Eurydice_slice out0 -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_H_DEFINED -#endif diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.c b/libcrux-sha3/c/libcrux_sha3_avx2.c deleted file mode 100644 index c8c762d2a..000000000 --- a/libcrux-sha3/c/libcrux_sha3_avx2.c +++ /dev/null @@ -1,2721 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "intrinsics/libcrux_intrinsics_avx2.h" - -#include "internal/libcrux_sha3_avx2.h" - -#include "internal/libcrux_sha3.h" -#include "internal/core.h" - -static inline core_core_arch_x86___m256i -_veor5q_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - core_core_arch_x86___m256i uu____0 = a; - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i -_vbcaxq_u64( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - core_core_arch_x86___m256i uu____0 = a; - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) -{ - core_core_arch_x86___m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline void -slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ - Eurydice_slice - uu____0 = - Eurydice_slice_subslice(a[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(a[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(a[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = - Eurydice_slice_subslice(a[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); -} - -typedef struct __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s -{ - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} -__Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; - -static inline __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) -{ - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - core_slice___Slice_T___split_at_mut(out0, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at_mut(out1, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at_mut(out2, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at_mut(out3, - mid, - uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline core_core_arch_x86___m256i zero(void) -{ - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i -xor5( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e -) -{ - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i -rotate_left1_and_xor(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i -and_not_xor( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c -) -{ - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i xor_constant(core_core_arch_x86___m256i a, uint64_t c) -{ - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i -xor0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) -{ - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void -slice_n(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) -{ - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (Eurydice_slice)); -} - -static inline __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) -{ - return split_at_mut_4(a, mid); -} - -inline void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf0[4U] = { input0, input1, input2, input3 }; - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, - buf); -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void) -{ - return - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); -} - -inline void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -) -{ - Eurydice_slice buf[4U] = { data0, data1, data2, data3 }; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(s, - buf); -} - -inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - -inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -) -{ - Eurydice_slice buf[4U] = { out0, out1, out2, out3 }; - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - buf); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____0 = split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o0); - __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____1 = split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o1); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, - o2); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t(s->st, - out); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___168size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - libcrux_sha3_simd_avx2_store_block___168size_t(a, b); -} - -inline void -libcrux_sha3_simd_avx2_store_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U; - } - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___168size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2_load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_simd_avx2_load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_load_block___168size_t(uu____0, buf); -} - -inline void -libcrux_sha3_simd_avx2_load_block___168size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -inline void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = - libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t(); - for - (size_t - i = (size_t)0U; - i - < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, - ret); - } - size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) - { - libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } - else - { - __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o0); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)1U, .end = blocks } - ), - core_ops_range_Range__size_t, - core_ops_range_Range__size_t); - while (true) - { - if - ( - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next(&iter, - size_t, - core_option_Option__size_t).tag - == core_option_None - ) - { - break; - } - else - { - __Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof (Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, - o); - memcpy(o1, orest, (size_t)4U * sizeof (Eurydice_slice)); - } - } - if (last < outlen) - { - libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -inline void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s.st, - b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t(s->st, - out); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - libcrux_sha3_simd_avx2_store_block___136size_t(a, b); -} - -inline void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -) -{ - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t(s->st, - b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_subslice((size_t)200U, - uu____1, - lit, - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___store_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t ret[4U][200U] -) -{ - uint8_t ret0[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof (uint8_t [200U])); -} - -inline void -libcrux_sha3_simd_avx2_store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t ret[4U][200U] -) -{ - uint8_t out0[200U] = { 0U }; - uint8_t out1[200U] = { 0U }; - uint8_t out2[200U] = { 0U }; - uint8_t out3[200U] = { 0U }; - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - out3, - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof (uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof (uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof (uint8_t)); -} - -inline void -libcrux_sha3_simd_avx2_store_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(Eurydice_slice_subslice(out[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice - uu____1 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____2 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____2, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____3 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____3, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____4 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice - uu____6 = - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____8 = - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____8, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____9 = - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - } -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -) -{ - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = { { 0U } }; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) - { - size_t i0 = i; - Eurydice_slice - uu____0 = - Eurydice_array_to_subslice((size_t)200U, - blocks[i0], - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = last_len }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U; - } - core_core_arch_x86___m256i (*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t(uu____1, - uu____2); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block_full___136size_t( - core_core_arch_x86___m256i (*a)[5U], - uint8_t b[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof (uint8_t [200U])); - libcrux_sha3_simd_avx2_load_block_full___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_simd_avx2_load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], - uint8_t blocks[4U][200U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s; - Eurydice_slice - uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice); - Eurydice_slice - uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t, Eurydice_slice); - Eurydice_slice - buf[4U] = - { - uu____1, - uu____2, - uu____3, - Eurydice_array_to_slice((size_t)200U, - blocks[3U], - uint8_t, - Eurydice_slice) - }; - libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, buf); -} - -inline void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t(uu____0, - uu____1); - libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -inline void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - for (size_t i = (size_t)0U; i < (size_t)24U; i++) - { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t(s); - libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -inline void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -) -{ - core_core_arch_x86___m256i - uu____0 = xor_constant(s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -inline void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof (core_core_arch_x86___m256i [5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) - { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) - { - size_t j = i; - core_core_arch_x86___m256i - uu____0 = - and_not_xor(s->st[i1][j], - old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0; - } - } -} - -inline void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)5U, - s->st, - old, - core_core_arch_x86___m256i [5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -inline void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -) -{ - core_core_arch_x86___m256i - uu____0 = xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); - core_core_arch_x86___m256i - uu____1 = xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); - core_core_arch_x86___m256i - uu____2 = xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); - core_core_arch_x86___m256i - uu____3 = xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); - core_core_arch_x86___m256i - c[5U] = - { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], - s->st[1U][4U], - s->st[2U][4U], - s->st[3U][4U], - s->st[4U][4U]) - }; - core_core_arch_x86___m256i - uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i - t[5U] = - { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U]) - }; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i - uu____9 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], - t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i - uu____10 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], - t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i - uu____11 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], - t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i - uu____12 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], - t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i - uu____13 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], - t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i - uu____14 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], - t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i - uu____15 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], - t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i - uu____16 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], - t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i - uu____17 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], - t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i - uu____18 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], - t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i - uu____19 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], - t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i - uu____20 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], - t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i - uu____21 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], - t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i - uu____22 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], - t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i - uu____23 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], - t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i - uu____24 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], - t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i - uu____25 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], - t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i - uu____26 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], - t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i - uu____27 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], - t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i - uu____28 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], - t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i - uu____29 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], - t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i - uu____30 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], - t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i - uu____31 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], - t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i - uu____32 = - libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], - t[4U]); - s->st[4U][4U] = uu____32; -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___14int32_t_50int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___8int32_t_56int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___39int32_t_25int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___20int32_t_44int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___27int32_t_37int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___56int32_t_8int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___21int32_t_43int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___25int32_t_39int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___55int32_t_9int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___28int32_t_36int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___61int32_t_3int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___15int32_t_49int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___43int32_t_21int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___6int32_t_58int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___62int32_t_2int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___2int32_t_62int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___45int32_t_19int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___10int32_t_54int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___44int32_t_20int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___18int32_t_46int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___41int32_t_23int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___3int32_t_61int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, core_core_arch_x86___m256i)); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - return libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t(a, b); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b -) -{ - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(ab); -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___36int32_t_28int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, core_core_arch_x86___m256i)); -} - -inline void -libcrux_sha3_simd_avx2___libcrux_sha3__traits__KeccakItem_4__usize__for_core__core_arch__x86____m256i___load_block___136size_t( - core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U] -) -{ - core_core_arch_x86___m256i (*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof (Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block___136size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_simd_avx2_load_block___136size_t( - core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U] -) -{ - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) - { - size_t i0 = i; - core_core_arch_x86___m256i - v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[0U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[1U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[2U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i - v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice(blocks[3U], - ( - (core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U) - } - ), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice)); - core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i - v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)32, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v0l, - v2l, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256((int32_t)49, - v1h, - v3h, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i - uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[(size_t)4U - * i0 - / (size_t)5U][(size_t)4U - * i0 - % (size_t)5U], - v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i - uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) - / (size_t)5U][((size_t)4U * i0 + (size_t)1U) - % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U][((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - uu____1; - core_core_arch_x86___m256i - uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) - / (size_t)5U][((size_t)4U * i0 + (size_t)2U) - % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U][((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - uu____2; - core_core_arch_x86___m256i - uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) - / (size_t)5U][((size_t)4U * i0 + (size_t)3U) - % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U][((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = { 0U }; - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____5 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____7 = - Eurydice_array_to_subslice((size_t)32U, - u8s, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s, - uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) - { - uint8_t u8s0[32U] = { 0U }; - Eurydice_slice - uu____9 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____9, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____10 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____10, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____11 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____11, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - Eurydice_slice - uu____12 = - Eurydice_array_to_subslice((size_t)32U, - u8s0, - ((core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____12, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ .start = start + (size_t)8U, .end = start + (size_t)16U }), - uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, - void *); - core_core_arch_x86___m256i - u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice((size_t)32U, - u8s0, - uint8_t, - Eurydice_slice)); - size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -) -{ - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -inline core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left___1int32_t_63int32_t(core_core_arch_x86___m256i x) -{ - core_core_arch_x86___m256i - uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i); - return - libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, core_core_arch_x86___m256i)); -} - diff --git a/libcrux-sha3/c/libcrux_sha3_avx2.h b/libcrux-sha3/c/libcrux_sha3_avx2.h deleted file mode 100644 index c4d2c773c..000000000 --- a/libcrux-sha3/c/libcrux_sha3_avx2.h +++ /dev/null @@ -1,170 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_avx2_H -#define __libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "core.h" -#include "eurydice_glue.h" - -typedef struct libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s -{ core_core_arch_x86___m256i st[5U][5U]; } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; - -void -libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice input2, - Eurydice_slice input3, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_avx2_x4_incremental_shake128_init(void); - -void -libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice data0, - Eurydice_slice data1, - Eurydice_slice data2, - Eurydice_slice data3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out0, - Eurydice_slice out1, - Eurydice_slice out2, - Eurydice_slice out3 -); - -void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice out[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice last[4U] -); - -void -libcrux_sha3_generic_keccak_absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - Eurydice_slice blocks[4U] -); - -void -libcrux_sha3_generic_keccak_keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s, - size_t i -); - -void -libcrux_sha3_generic_keccak_chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -void -libcrux_sha3_generic_keccak_theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s -); - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__TraitClause_0__1__new__core_core_arch_x86___m256i_4size_t( - void -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-sha3/c/libcrux_sha3_neon.c b/libcrux-sha3/c/libcrux_sha3_neon.c deleted file mode 100644 index 010c580b9..000000000 --- a/libcrux-sha3/c/libcrux_sha3_neon.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#include "intrinsics/libcrux_intrinsics_arm64.h" - -#include "libcrux_sha3_neon.h" - -#include "internal/core.h" - -inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -) -{ - Prims_string - buf[1U] = { "not implemented: The target architecture does not support neon instructions." }; - Eurydice_slice - uu____0 = Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore(core_fmt__core__fmt__Arguments__a__2__new_v1(uu____0, - Eurydice_array_to_slice((size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, - void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); -} - diff --git a/libcrux-sha3/c/libcrux_sha3_neon.h b/libcrux-sha3/c/libcrux_sha3_neon.h deleted file mode 100644 index ec2948001..000000000 --- a/libcrux-sha3/c/libcrux_sha3_neon.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_sha3.llbc - F* version: 58c915a8 - KaRaMeL version: 04cb86b9 - */ - -#ifndef __libcrux_sha3_neon_H -#define __libcrux_sha3_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "libcrux_sha3.h" -#include "core.h" -#include "eurydice_glue.h" - -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); - -void -libcrux_sha3_neon_x2_shake256( - Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1 -); - -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s -{ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; } -libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 -libcrux_sha3_neon_x2_incremental_shake128_init(void); - -void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice data0, - Eurydice_slice data1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, - Eurydice_slice out0, - Eurydice_slice out1 -); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_sha3_neon_H_DEFINED -#endif From ed823bc641b7152c9e2fe03691839a13fbce7a43 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 7 Jun 2024 21:05:59 +0200 Subject: [PATCH 29/74] neon extract --- libcrux-ml-kem/c/CMakeLists.txt | 17 +- libcrux-ml-kem/c/eurydice_glue.h | 14 +- libcrux-ml-kem/c/internal/libcrux_core.h | 99 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 6 +- .../c/intrinsics/libcrux_intrinsics_arm64.h | 22 +- libcrux-ml-kem/c/libcrux_core.c | 55 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 521 +-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_platform.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3039 ++++++++++++++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 32 +- libcrux-ml-kem/c/tests/mlkem768.cc | 68 + 25 files changed, 3071 insertions(+), 900 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 6d941994e..91e64d534 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -11,9 +11,11 @@ project(libcrux-ml-kem ) set(CMAKE_C_STANDARD 11) -#FIXME: Windows? + +# FIXME: Windows? add_compile_options( -Wall + # -Wextra # -pedantic # -Wconversion @@ -23,7 +25,7 @@ add_compile_options( $<$:-g> $<$:-O3> ) -add_link_options(-flto) + set(CMAKE_COLOR_DIAGNOSTICS "ON") include_directories( ${PROJECT_SOURCE_DIR} @@ -61,6 +63,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES Linux) -fPIC -flto ) + add_link_options(-flto) endif(${CMAKE_SYSTEM_NAME} MATCHES Linux) add_library(ml_kem SHARED ${SOURCES}) @@ -95,7 +98,7 @@ endif() # Get gtests include(FetchContent) FetchContent_Declare(googletest -DOWNLOAD_EXTRACT_TIMESTAMP TRUE + DOWNLOAD_EXTRACT_TIMESTAMP TRUE URL https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip ) @@ -105,7 +108,7 @@ FetchContent_MakeAvailable(googletest) # Get nlohmann json FetchContent_Declare(json -DOWNLOAD_EXTRACT_TIMESTAMP TRUE + DOWNLOAD_EXTRACT_TIMESTAMP TRUE URL https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip ) FetchContent_MakeAvailable(json) @@ -129,12 +132,12 @@ target_link_libraries(sha3_test PRIVATE ) # --- Benchmarks - FetchContent_Populate(benchmark - GIT_REPOSITORY https://github.com/google/benchmark.git + GIT_REPOSITORY https://github.com/google/benchmark.git + # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f + GIT_TAG bc946b919cac6f25a199a526da571638cfde109f ) add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index ef21a5003..4c12dcdb7 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -115,6 +115,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]) { + return (uint32_t)x0[0] << 24 | (uint32_t)x0[1] << 16 | (uint32_t)x0[2] << 8 | (uint32_t)x0[3]; +} + static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } @@ -189,11 +193,11 @@ static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, size_t chunk_size = chunks->slice.len >= chunks->chunk_size ? chunks->chunk_size : chunks->slice.len; - Eurydice_slice curr_chunk = - ((Eurydice_slice){.ptr = chunks->slice.ptr, .len = chunk_size}); - chunks->slice = ((Eurydice_slice){ - .ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size, - .len = chunks->slice.len - chunk_size}); + Eurydice_slice curr_chunk; + curr_chunk.ptr = chunks->slice.ptr; + curr_chunk.len = chunk_size; + chunks->slice.ptr = (char *)(chunks->slice.ptr) + chunk_size * element_size; + chunks->slice.len = chunks->slice.len - chunk_size; return curr_chunk; } diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 39db7b956..bf7077b43 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -118,6 +118,24 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); +typedef struct + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; + libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( uint8_t value[800U]); @@ -148,36 +166,12 @@ uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( Eurydice_slice lhs, Eurydice_slice rhs); -typedef struct - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); -typedef struct - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; - Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); @@ -188,45 +182,6 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]); - -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]); - -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]); - typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; @@ -234,7 +189,7 @@ typedef struct core_option_Option__Eurydice_slice_uint8_t_s { typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -246,10 +201,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5773bba52..21c931d0e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c897dae9f..063929aab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h index 4f6a5f8c7..011676868 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h @@ -132,7 +132,9 @@ libcrux_intrinsics_arm64__vdupq_n_u32(uint32_t a) { } static inline core_core_arch_arm_shared_neon_uint16x8_t -libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value); +libcrux_intrinsics_arm64__vdupq_n_u16(uint16_t value) { + return vdupq_n_u16(value); +} static inline core_core_arch_arm_shared_neon_int16x8_t libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice slice) { @@ -245,7 +247,9 @@ libcrux_intrinsics_arm64__vqdmulhq_s16( static inline core_core_arch_arm_shared_neon_int32x4_t libcrux_intrinsics_arm64__vmull_s16(core_core_arch_arm_shared_neon_int16x4_t a, - core_core_arch_arm_shared_neon_int16x4_t b); + core_core_arch_arm_shared_neon_int16x4_t b) { + return vmull_s16(a, b); +} static inline core_core_arch_arm_shared_neon_int32x4_t libcrux_intrinsics_arm64__vmull_high_s16( @@ -317,17 +321,17 @@ libcrux_intrinsics_arm64__vandq_u16( // Shift Operations -#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshrq_n_s16(SHIFT_BY, a, _ret_t) \ (vshrq_n_s16(a, SHIFT_BY)) -#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshrq_n_u16(SHIFT_BY, a, _ret_t) \ (vshrq_n_u16(a, SHIFT_BY)) -#define libcrux_intrinsics_arm64__vshrq_n_u32(N, a) (vshrq_n_u32(a, N)) +#define libcrux_intrinsics_arm64__vshrq_n_u32(N, a, _ret_t) (vshrq_n_u32(a, N)) -#define libcrux_intrinsics_arm64__vshlq_n_u32(N, a) (vshlq_n_u32(a, N)) +#define libcrux_intrinsics_arm64__vshlq_n_u32(N, a, _ret_t) (vshlq_n_u32(a, N)) -#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a) \ +#define libcrux_intrinsics_arm64__vshlq_n_s16(SHIFT_BY, a, _ret_t) \ (vshlq_n_s16(a, SHIFT_BY)) static inline core_core_arch_arm_shared_neon_int16x8_t @@ -344,9 +348,9 @@ libcrux_intrinsics_arm64__vshlq_u16( return vshlq_u16(a, b); } -#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b) (vsliq_n_s16(a, b, N)) +#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b, _ret_t) (vsliq_n_s16(a, b, N)) -#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b) (vsliq_n_s64(a, b, N)) +#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b, _ret_t) (vsliq_n_s64(a, b, N)) // Transpose and Vector Manipulations diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index f3c81cf0c..d9b04551d 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "internal/libcrux_core.h" @@ -336,48 +336,6 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { @@ -405,10 +363,3 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_arra KRML_HOST_EXIT(255U); } } - -void core_fmt_rt__core__fmt__rt__Argument__a__1__none( - core_fmt_rt_Argument x0[0U]){} - -core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( - Eurydice_slice x0, Eurydice_slice x1) {return NULL;} - diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 52b97c825..bc228c092 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_core_H @@ -128,11 +128,11 @@ typedef struct #define core_result_Err 1 typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 40b2e232a..85dd66606 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index b63311db9..4884311cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2479e6391..0b75d194b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 5256458eb..3f77765f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 8a1a92703..74e84b66d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 9ad10a424..f4ff7b78e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c69fb58ac..9b31997bd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 06ce4a50d..1849e09a4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index d7b8a5c6f..abf96805f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index ed7e13445..6567e2b46 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" @@ -44,521 +44,6 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( void) { libcrux_ml_kem_vector_portable_PortableVector lit; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 078c0cbd3..a9def0a13 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H @@ -27,10 +27,6 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_PortableVector; diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 988a2e7f2..9ae0f07cd 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 87bfd1a1a..0543a8e19 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e796057eb..be1a83910 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 3d3d86bf4..f138d7a8c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,187 +1,2888 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = Eurydice_slice_subslice( + a[1U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, + .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, + .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_arm_shared_neon_uint64x2_t uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + size_t i) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___72size_t(uu____0, buf); +} + +static inline void load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, + .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, + .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___72size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___72size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + s, o1); + } + } +} + +static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, + .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, + .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, + .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, + .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2___136size_t_31uint8_t(buf0, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + KeccakState2; + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, + .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, + .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, + .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, + .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___168size_t0(s->st, out); +} + +static inline void +squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o1); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, + .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, + .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___144size_t(uu____0, buf); +} + +static inline void load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, + .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, + .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___144size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + s, o1); + } + } +} + +static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, + .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, + .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___104size_t(uu____0, buf); +} + +static inline void load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, + .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, + .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___104size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + s, o1); + } + } +} + +static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___104size_t_6uint8_t(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0a665654b..2478907d2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config + ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + a32b316e KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H @@ -17,6 +17,11 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -24,24 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 69b874e92..3ccc1bad9 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -446,3 +446,71 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest) } } #endif // LIBCRUX_X64 + +#ifdef LIBCRUX_AARCH64 +#include "libcrux_mlkem768_neon.h" + +TEST(MlKem768TestNeon, ConsistencyTest) +{ + uint8_t randomness[64]; + for (int i = 0; i < 64; i++) + randomness[i] = 13; + auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); + cout << "key pair: " << bytes_to_hex(bytes(key_pair.pk.value, key_pair.pk.value + 1184U)) << endl; + + auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + +TEST(MlKem768TestNeon, NISTKnownAnswerTest) +{ + // XXX: This should be done in a portable way. + auto kats = read_kats("tests/mlkem768_nistkats.json"); + + for (auto kat : kats) + { + auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(kat.key_generation_seed.data()); + + uint8_t pk_hash[32]; + libcrux_sha3_sha256( + mk_slice(key_pair.pk.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), + pk_hash); + EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); + + uint8_t sk_hash[32]; + libcrux_sha3_sha256( + mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); + EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); + + auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate( + &key_pair.pk, kat.encapsulation_seed.data()); + uint8_t ct_hash[32]; + libcrux_sha3_sha256( + mk_slice(ctxt.fst.value, + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), + ct_hash); + EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); + EXPECT_EQ(0, + memcmp(ctxt.snd, + kat.shared_secret.data(), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); + } +} + +#endif // LIBCRUX_AARCH64 From 5863515b461d4c78a4cf17a3f8b5cf8c3c2c39b7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 7 Jun 2024 22:53:11 +0200 Subject: [PATCH 30/74] arm intrinsics fix --- .../c/intrinsics/libcrux_intrinsics_arm64.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h index 011676868..ebcd5e2ad 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_arm64.h @@ -184,7 +184,7 @@ static inline int16_t libcrux_intrinsics_arm64__vaddvq_s16( static inline uint16_t libcrux_intrinsics_arm64__vaddv_u16( core_core_arch_arm_shared_neon_uint16x4_t a) { - return vaddv_s16(a); + return vaddv_u16(a); } static inline uint16_t libcrux_intrinsics_arm64__vaddvq_u16( @@ -216,7 +216,7 @@ libcrux_intrinsics_arm64__vqdmulhq_n_s16( static inline core_core_arch_arm_shared_neon_uint16x8_t libcrux_intrinsics_arm64__vmulq_n_u16( core_core_arch_arm_shared_neon_uint16x8_t a, uint16_t c) { - return vmulq_n_s16(a, c); + return vmulq_n_u16(a, c); } static inline core_core_arch_arm_shared_neon_int32x4_t @@ -246,8 +246,9 @@ libcrux_intrinsics_arm64__vqdmulhq_s16( } static inline core_core_arch_arm_shared_neon_int32x4_t -libcrux_intrinsics_arm64__vmull_s16(core_core_arch_arm_shared_neon_int16x4_t a, - core_core_arch_arm_shared_neon_int16x4_t b) { +libcrux_intrinsics_arm64__vmull_s16( + core_core_arch_arm_shared_neon_int16x4_t a, + core_core_arch_arm_shared_neon_int16x4_t b) { return vmull_s16(a, b); } @@ -348,9 +349,11 @@ libcrux_intrinsics_arm64__vshlq_u16( return vshlq_u16(a, b); } -#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b, _ret_t) (vsliq_n_s16(a, b, N)) +#define libcrux_intrinsics_arm64__vsliq_n_s32(N, a, b, _ret_t) \ + (vsliq_n_s32(a, b, N)) -#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b, _ret_t) (vsliq_n_s64(a, b, N)) +#define libcrux_intrinsics_arm64__vsliq_n_s64(N, a, b, _ret_t) \ + (vsliq_n_s64(a, b, N)) // Transpose and Vector Manipulations From eaf785e1d95eaf31bb6a4618fe961c450e3fadc8 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 7 Jun 2024 22:58:20 +0200 Subject: [PATCH 31/74] fixes for neon --- libcrux-ml-kem/c/eurydice_glue.h | 5 +- .../c/internal/libcrux_mlkem_neon.h | 74 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 55 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 40 + libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 163 + libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 89 + libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 54 + libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 40 + libcrux-ml-kem/c/libcrux_mlkem_neon.c | 7727 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_neon.h | 301 + libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- libcrux-ml-kem/c/tests/mlkem768.cc | 7 +- 13 files changed, 8555 insertions(+), 12 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 4c12dcdb7..76e9907ca 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -114,9 +114,8 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { uint32_t x = htobe32(src); memcpy(dst, &x, 4); } - -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]) { - return (uint32_t)x0[0] << 24 | (uint32_t)x0[1] << 16 | (uint32_t)x0[2] << 8 | (uint32_t)x0[3]; +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { + return load32_le(buf); } static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..ae166d10e --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -0,0 +1,74 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c new file mode 100644 index 000000000..8233b1102 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem1024_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h new file mode 100644 index 000000000..f95883a91 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_neon_H +#define __libcrux_mlkem1024_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c new file mode 100644 index 000000000..12687fb50 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -0,0 +1,163 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem512_neon.h" + +#include "internal/libcrux_mlkem_neon.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); + } + return uu____0; +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + public_key); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h new file mode 100644 index 000000000..817d7efee --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -0,0 +1,89 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_neon_H +#define __libcrux_mlkem512_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c new file mode 100644 index 000000000..ebf906e3a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -0,0 +1,54 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h new file mode 100644 index 000000000..69680d2ce --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_neon_H +#define __libcrux_mlkem768_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c new file mode 100644 index 000000000..06a1b3d76 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -0,0 +1,7727 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void) { + return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice))}); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + v, c); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, + zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + a, zeta1, zeta2, zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, + zeta2); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int16x4_t uu____0 = + libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____0, libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____1, uu____2, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____3, libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____5 = + libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____4, uu____5, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){.low = low2, + .high = high2}); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + lhs, rhs, zeta1, zeta2, zeta3, zeta4); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vandq_s16(low, one); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .low = uu____0, .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) { + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t input = core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[10U]) { + uint8_t res[10U] = {0U}; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | + out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | + out[(size_t)8U + (size_t)2U] << 2U) | + out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | + out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | + out[(size_t)8U + (size_t)5U] << 1U) | + out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | + out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[10U]) { + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)8U, input0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input1, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)20U, result, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)20U, result, + ((core_ops_range_Range__size_t){.start = (size_t)5U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)13U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)20U, result, + ((core_ops_range_Range__size_t){.start = (size_t)10U, + .end = (size_t)15U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)20U, result, + ((core_ops_range_Range__size_t){.start = (size_t)15U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)29U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[4U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof(uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] = (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); + high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[22U]) { + int16_t input[16U]; + libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); + uint8_t result[22U] = {0U}; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | + input[(size_t)8U + (size_t)1U] << 3U); + result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | + input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | + input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | + input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | + input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | + input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | + input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = + (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[22U]) { + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[8U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input2, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof(uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); +} + +inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)24U, result, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)24U, result, + ((core_ops_range_Range__size_t){.start = (size_t)6U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)14U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)24U, result, + ((core_ops_range_Range__size_t){.start = (size_t)12U, + .end = (size_t)18U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)24U, result, + ((core_ops_range_Range__size_t){.start = (size_t)18U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)30U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)16U, input0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)16U, input1, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + ((core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){.low = low, + .high = high}); +} + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( + &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + int16_t uu____8 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____8; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self) { + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +shift_right___15int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +shift_right___15int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + a, &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + shake128_state[2U]; +} Simd128Hash; + +static inline Simd128Hash shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + Simd128Hash *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t extra[504U] = {0U}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = self->shake128_state; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____4 = &self->shake128_state[1U]; + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [3U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[3U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t extra[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____2, uu____3, uu____4, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; +} __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + v, fer); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + b, zeta_r); + b = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + b, &a); + a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___10int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___10int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___11int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___11int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return compress___11int32_t(v); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___4int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector compress___4int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + compress___4int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compress___5int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector compress___5int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients = + compress___5int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + /* + printf("pk:"); + for (int i = 0; i < 16; i++) + printf("%02x, ",public_key->value[i]); + printf("\n"); + printf("hashed:"); + for (int i = 0; i < 32; i++) + printf("%02x, ",ret[i]); + printf("\n"); + */ + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + bytes); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t0( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___4size_t( + uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___4size_t( + Simd128Hash *self, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = self->shake128_state; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____3, uu____4, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____5 = &self->shake128_state[1U]; + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [4U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[4U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____3, uu____4, uu____5, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____6, uu____7, uu____8, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + serialized); + return uu____0; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static void +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___2size_t( + uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___2size_t( + Simd128Hash *self, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = self->shake128_state; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____1, uu____2, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [2U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + fst[2U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], + Eurydice_slice), + (size_t)1U, uint8_t[192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____1, uu____2, uu____3, + Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], + uint8_t(*)[192U], uint8_t[192U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____1, uu____2, uu____3, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) { + return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h new file mode 100644 index 000000000..426ef9f47 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -0,0 +1,301 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_sha3_neon.h" + +typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( + void); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( + Eurydice_slice array); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[2U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[8U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t ret[16U]); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[10U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[20U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_simd128ops_serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[24U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( + Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out); + +libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector +libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self); + +typedef struct + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index f138d7a8c..8c8485739 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 2478907d2..c6b0120ec 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 3ccc1bad9..ced40395b 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -187,9 +187,13 @@ TEST(MlKem768TestPortable, ConsistencyTest) randomness[i] = 13; } auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); + // cout << "key pair.pk: " << bytes_to_hex(bytes(key_pair.pk.value, key_pair.pk.value + 16U)) << endl; + // cout << "key pair.sk: " << bytes_to_hex(bytes(key_pair.sk.value, key_pair.sk.value + 16U)) << endl; auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); + // cout << "ctxt: " << bytes_to_hex(bytes(ctxt.fst.value, ctxt.fst.value + 16U)) << endl; + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); @@ -456,8 +460,6 @@ TEST(MlKem768TestNeon, ConsistencyTest) for (int i = 0; i < 64; i++) randomness[i] = 13; auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - cout << "key pair: " << bytes_to_hex(bytes(key_pair.pk.value, key_pair.pk.value + 1184U)) << endl; - auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; @@ -512,5 +514,4 @@ TEST(MlKem768TestNeon, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } } - #endif // LIBCRUX_AARCH64 From 56765bb400cbc350740a7445ab8f2eaee83dd1b7 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Fri, 7 Jun 2024 14:46:25 -0700 Subject: [PATCH 32/74] Regenerate code on NEON, remove unused functions --- libcrux-ml-kem/c/CMakeLists.txt | 1 + libcrux-ml-kem/c/eurydice_glue.h | 2 + libcrux-ml-kem/c/internal/libcrux_core.h | 6 +- .../c/internal/libcrux_mlkem_avx2.h | 75 - .../c/internal/libcrux_mlkem_neon.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 38 - .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 20 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 55 - libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 40 - libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 163 - libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 89 - libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 54 - libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 40 - libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 7622 ----------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 294 - libcrux-ml-kem/c/libcrux_mlkem_neon.c | 251 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 242 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_platform.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2111 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 38 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 9 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- 44 files changed, 231 insertions(+), 11069 deletions(-) delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h delete mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.h diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 91e64d534..b8f4f983f 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -11,6 +11,7 @@ project(libcrux-ml-kem ) set(CMAKE_C_STANDARD 11) +set(CMAKE_CXX_STANDARD 11) # FIXME: Windows? add_compile_options( diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 76e9907ca..e00c11543 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -111,9 +111,11 @@ static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, // CORE STUFF (conversions, endianness, ...) static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { + // TODO: why not store32_be? uint32_t x = htobe32(src); memcpy(dst, &x, 4); } + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index bf7077b43..f03cb2277 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h deleted file mode 100644 index 10a2cb5a5..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_mlkem_avx2_H -#define __internal_libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem_avx2.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index ae166d10e..ab47ba59d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 21c931d0e..0f14466d1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h deleted file mode 100644 index 11ada5b26..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __internal_libcrux_sha3_avx2_H -#define __internal_libcrux_sha3_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_sha3_avx2.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "intrinsics/libcrux_intrinsics_avx2.h" - -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - libcrux_sha3_avx2_x4_incremental_KeccakState4; - -void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]); - -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_sha3_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 063929aab..46e81d5c3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d9b04551d..a3accd24c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,26 +1,12 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_core.h" -typedef size_t RangeTo__size_t; - -typedef size_t RangeFrom__size_t; - -typedef struct Option__int32_t_s { - core_option_Option__size_t_tags tag; - int32_t f0; -} Option__int32_t; - -typedef struct Option__uint32_t_s { - core_option_Option__size_t_tags tag; - uint32_t f0; -} Option__uint32_t; - static uint8_t is_non_zero(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t uu____0 = value0; diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index bc228c092..d9a0b80fa 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 85dd66606..9fef0fd8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c deleted file mode 100644 index 9dbf4e203..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem1024_avx2.h" - -void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h deleted file mode 100644 index d3da0c00c..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem1024_avx2_H -#define __libcrux_mlkem1024_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" - -void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1024_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8233b1102..84791f55e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index f95883a91..e68f4c51b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 4884311cd..f292fbfbd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 0b75d194b..321bfbf6e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 3f77765f7..5d00daade 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c deleted file mode 100644 index 14cd4287a..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ /dev/null @@ -1,163 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem512_avx2.h" - -#include "internal/libcrux_mlkem_avx2.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - public_key); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None}); - } - return uu____0; -} - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - public_key); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - public_key); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h deleted file mode 100644 index 34801018a..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem512_avx2_H -#define __libcrux_mlkem512_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 12687fb50..2c021222d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 817d7efee..0074c9469 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 74e84b66d..126402c11 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index f4ff7b78e..607fa0ae7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9b31997bd..59e587f22 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c deleted file mode 100644 index 4497d2302..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "libcrux_mlkem768_avx2.h" - -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h deleted file mode 100644 index 373792504..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_avx2_H -#define __libcrux_mlkem768_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem512_avx2.h" - -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index ebf906e3a..c2d9494e3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 69680d2ce..175e2827b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1849e09a4..6b485ab48 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index abf96805f..03b200b57 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c deleted file mode 100644 index 23df04b2d..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ /dev/null @@ -1,7622 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" - -typedef core_core_arch_x86___m256i SIMD256Vector; - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i uu____0 = vector; - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i uu____0 = vector; - return libcrux_intrinsics_avx2_mm256_and_si256( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i uu____1 = t; - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = quotient; - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - uu____0, libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, rhs, core_core_arch_x86___m256i)); - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - uu____1, libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i uu____0 = value_low; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -inline core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i uu____0 = value_low; - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i uu____1 = k; - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i uu____0 = rhs; - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum0; - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = rhs; - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i uu____1 = sum; - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i uu____0 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - core_core_arch_x86___m256i combined0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, - core_core_arch_x86___m256i); - return combined0; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i uu____0 = v; - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i uu____1 = k; - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - uu____1, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i uu____0 = right0; - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i uu____1 = rhs; - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, - (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, - (int8_t)0, (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - uint8_t ret0[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, - uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)1 << 15U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____1, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)16U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t ret0[8U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, - uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, - uu____14, - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; - return libcrux_intrinsics_avx2_mm256_and_si256( - uu____15, libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - - (int16_t)1)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_8_combined; - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)5U, .end = (size_t)21U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t ret0[10U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - uint8_t uu____0 = - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____1 = - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____2 = - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____3 = - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____4 = - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____5 = - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____6 = - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____7 = - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____8 = - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____9 = - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____10 = - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____11 = - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____12 = - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____13 = - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - uint8_t uu____14 = - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, uu____14, - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____15 = coefficients_loaded0; - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____15, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i uu____16 = coefficients0; - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - uu____16, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)10U, .end = (size_t)26U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t ret0[20U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)4U, - .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 13U, - 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) { - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - memcpy(lit.elements, uu____0, (size_t)16U * sizeof(int16_t)); - return lit; -} - -inline void libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]) { - uint8_t result[22U] = {0U}; - result[0U] = (uint8_t)v.elements[0U]; - result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | - (uint32_t)(uint8_t)(v.elements[0U] >> 8U); - result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | - (uint32_t)(uint8_t)(v.elements[1U] >> 5U); - result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); - result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | - (uint32_t)(uint8_t)(v.elements[2U] >> 10U); - result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | - (uint32_t)(uint8_t)(v.elements[3U] >> 7U); - result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | - (uint32_t)(uint8_t)(v.elements[4U] >> 4U); - result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); - result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | - (uint32_t)(uint8_t)(v.elements[5U] >> 9U); - result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | - (uint32_t)(uint8_t)(v.elements[6U] >> 6U); - result[10U] = (uint8_t)(v.elements[7U] >> 3U); - result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; - result[12U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); - result[13U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); - result[14U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); - result[15U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); - result[16U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); - result[17U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); - result[18U] = - (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); - result[19U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); - result[20U] = - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); - result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U]; - libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); - int16_t uu____0[16U]; - memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); - libcrux_ml_kem_vector_avx2_portable_PortableVector input = - libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - uint8_t ret0[22U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void) { - libcrux_ml_kem_vector_avx2_portable_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_avx2_portable_PortableVector result = - libcrux_ml_kem_vector_avx2_portable_zero(); - int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____1 = - &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); - result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; - int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____3 = - &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); - result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; - int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____5 = - uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U; - uint8_t *uu____6 = - &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); - result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; - int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____8 = - &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); - result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; - int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____10 = - &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); - result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; - int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____12 = - uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U; - uint8_t *uu____13 = - &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); - result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; - int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____15 = - &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); - result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; - int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____17 = - &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); - result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; - int16_t uu____18 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U; - uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; - int16_t uu____20 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U; - uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; - int16_t uu____22 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U; - int16_t uu____23 = - uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 2U; - uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; - int16_t uu____25 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U; - uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, - uint8_t, uint8_t *, uint8_t); - result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; - int16_t uu____27 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U; - uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, - uint8_t, uint8_t *, uint8_t); - result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; - int16_t uu____29 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U; - int16_t uu____30 = - uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, - uint8_t, uint8_t *, uint8_t) - << 1U; - uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, - uint8_t, uint8_t *, uint8_t); - result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; - int16_t uu____32 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U; - uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, - uint8_t, uint8_t *, uint8_t); - result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; - int16_t uu____34 = - (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U; - uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, - uint8_t, uint8_t *, uint8_t); - result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; - return result; -} - -inline void libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]) { - memcpy(ret, v.elements, (size_t)16U * sizeof(int16_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_avx2_portable_PortableVector output = - libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); - int16_t ret[16U]; - libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); - return libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_array_to_slice((size_t)16U, ret, int16_t, Eurydice_slice)); -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i uu____0 = vector; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - uu____0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i uu____1 = adjacent_2_combined; - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)12U, .end = (size_t)28U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t ret0[24U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____0 = lower_coefficients; - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____0, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( - bytes, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m128i uu____1 = upper_coefficients; - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, - 11U, 11U, 10U, 9U, 8U, - 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____2 = coefficients2; - core_core_arch_x86___m256i coefficients3 = - libcrux_intrinsics_avx2_mm256_and_si256( - uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); - return coefficients3; -} - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice( - output, - ((core_ops_range_Range__size_t){.start = sampled_count, - .end = sampled_count + (size_t)8U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -inline libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self) { - return self[0U]; -} - -inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline core_core_arch_x86___m256i shift_right___15int32_t( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i shift_right___15int32_t0( - core_core_arch_x86___m256i vector) { - return shift_right___15int32_t(vector); -} - -static core_core_arch_x86___m256i -to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right___15int32_t0(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &fm); -} - -static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState4 Simd256Hash; - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice_subslice( - a, - ((core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[3U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t uu____2 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t random_bits_as_u32 = - uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t random_bits_as_u24 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - randomness); - return uu____0; -} - -static inline void ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - re->coefficients[j + step], (int16_t)-1600); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; - -static core_core_arch_x86___m256i -montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - v, fer); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i t = - montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, - zeta_r); - b = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - a, &t); - a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &t); - return (( - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, .snd = b}); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static core_core_arch_x86___m256i -to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( - self->coefficients[j]); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - b, &a); - a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_minus_b, zeta_r); - return (( - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ - .fst = a, .snd = b}); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static core_core_arch_x86___m256i -decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i uu____0 = - decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( - coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - coefficient_normal_form, &tmp); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___10int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___10int32_t(vector); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___10int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___11int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___11int32_t(vector); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___11int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___4int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___4int32_t(vector); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___4int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_x86___m256i -compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i compress___5int32_t( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient___5int32_t(vector); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = compress___5int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - coefficients, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___10int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___10int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i -decompress_ciphertext_coefficient___11int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___11int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___11int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___4int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i decompress_ciphertext_coefficient___4int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___4int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - bytes); - core_core_arch_x86___m256i uu____0 = - decompress_ciphertext_coefficient___4int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___5int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -static core_core_arch_x86___m256i decompress_ciphertext_coefficient___5int32_t0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient___5int32_t(vector); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - bytes); - re.coefficients[i0] = uu____0; - core_core_arch_x86___m256i uu____1 = - decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[4U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___4size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___10int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = compress___11int32_t( - to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[4U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re, - Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___4size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___4size_t( - Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, - (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( - serialized); - return uu____0; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)768U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static void -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 -shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -static inline void shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - uint8_t dummy_out1[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - uint8_t dummy_out1[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = - shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t1( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( - A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - fst[2U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t dummy_out0[192U] = {0U}; - uint8_t dummy_out1[192U] = {0U}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], - Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( - randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____3, domain_separator) - .fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)1632U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - uint8_t dummy_out1[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, - uint8_t, Eurydice_slice); - libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, - Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___2size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t0(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( - *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], - &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result); - result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - error_2, message, result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - input[2U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___2size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___2size_t( - Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t1(void) { - return ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h deleted file mode 100644 index 5ae63072a..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ /dev/null @@ -1,294 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_mlkem_avx2_H -#define __libcrux_mlkem_avx2_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" -#include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( - void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( - Eurydice_slice array); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_avx2_portable_PortableVector; - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); - -void libcrux_ml_kem_vector_avx2_portable_serialize_11( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_zero(void); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_portable_to_i16_array( - libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -size_t -libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( - Eurydice_slice input, Eurydice_slice output); - -libcrux_ml_kem_vector_avx2_portable_PortableVector -libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( - libcrux_ml_kem_vector_avx2_portable_PortableVector *self); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( - core_core_arch_x86___m256i *self); - -typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_avx2_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 06a1b3d76..09fd7ca96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_mlkem_neon.h" @@ -1540,12 +1540,6 @@ ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) { return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( Eurydice_slice serialized) { @@ -1767,14 +1761,8 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -2005,7 +1993,7 @@ from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -2052,7 +2040,7 @@ sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t1( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -2070,7 +2058,7 @@ sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ A_transpose[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; @@ -2122,12 +2110,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; @@ -2497,11 +2479,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_ return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -2834,12 +2811,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_S uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( Eurydice_slice public_key, @@ -2876,12 +2847,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128 libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { @@ -2942,11 +2907,6 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t0(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( size_t *zeta_i, @@ -3412,35 +3372,6 @@ compress___11int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { return compress___11int32_t(v); } -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -3803,16 +3734,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD12 public_key), uint8_t, Eurydice_slice), ret); - /* - printf("pk:"); - for (int i = 0; i < 16; i++) - printf("%02x, ",public_key->value[i]); - printf("\n"); - printf("hashed:"); - for (int i = 0; i < 32; i++) - printf("%02x, ",ret[i]); - printf("\n"); - */ core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), @@ -3856,12 +3777,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD12 return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline core_core_arch_arm_shared_neon_uint32x4_t decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t coeff = @@ -4294,11 +4209,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128op return uu____0; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t1(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( Eurydice_slice serialized) { @@ -4557,12 +4467,6 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_S memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( Eurydice_slice public_key, @@ -4703,14 +4607,8 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -4927,7 +4825,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIM } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -4974,7 +4872,7 @@ sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t1( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -4992,7 +4890,7 @@ sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ A_transpose[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; @@ -5044,12 +4942,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; @@ -5156,11 +5048,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_ return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -5436,12 +5323,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_S uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( Eurydice_slice public_key, @@ -5478,12 +5359,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128 libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { @@ -5544,11 +5419,6 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t0(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -5664,35 +5534,6 @@ compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4siz return result; } -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - static inline void compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -5933,12 +5774,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD12 return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( Eurydice_slice serialized) { @@ -6029,11 +5864,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128op return uu____0; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t1(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( Eurydice_slice secret_key, @@ -6220,12 +6050,6 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_S memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( Eurydice_slice public_key, @@ -6366,14 +6190,8 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -6542,7 +6360,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIM } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( +closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( Eurydice_array_to_subslice((size_t)272U, s, @@ -6589,7 +6407,7 @@ sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t1( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -6607,7 +6425,7 @@ sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_ A_transpose[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; @@ -6659,12 +6477,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; @@ -6754,11 +6566,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_ return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -7034,12 +6841,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_S uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( Eurydice_slice public_key, @@ -7076,12 +6877,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128 libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; @@ -7172,11 +6967,6 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t0(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector @@ -7483,12 +7273,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD12 return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( uint8_t *ciphertext, @@ -7535,11 +7319,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vect libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t1(void) { - return ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); -} - static inline void deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( Eurydice_slice secret_key, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 426ef9f47..172520803 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 6567e2b46..876d3b5bb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" @@ -87,8 +87,7 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { Eurydice_slice, int16_t[16U], void *); core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( dst, ret); - // XXX KB modified this line - memcpy(lit.elements, array.ptr, (size_t)16U * sizeof(int16_t)); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -1711,12 +1710,6 @@ ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) { return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_slice serialized) { @@ -1936,14 +1929,8 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -2118,7 +2105,7 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, @@ -2165,7 +2152,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t1( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -2183,7 +2170,7 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha A_transpose[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; @@ -2235,12 +2222,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; @@ -2570,11 +2551,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -2906,12 +2882,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( Eurydice_slice public_key, @@ -2947,12 +2917,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { @@ -3007,11 +2971,6 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t0(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( size_t *zeta_i, @@ -3323,35 +3282,6 @@ static libcrux_ml_kem_vector_portable_PortableVector compress___10int32_t0( return compress___10int32_t(v); } -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - static inline libcrux_ml_kem_vector_portable_PortableVector compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { for (size_t i = (size_t)0U; @@ -3697,12 +3627,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline libcrux_ml_kem_vector_portable_PortableVector decompress_ciphertext_coefficient___10int32_t( libcrux_ml_kem_vector_portable_PortableVector v) { @@ -3973,11 +3897,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_Porta return uu____0; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_4size_t1(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_slice serialized) { @@ -4230,12 +4149,6 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( Eurydice_slice public_key, @@ -4375,14 +4288,8 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -4536,7 +4443,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, @@ -4583,7 +4490,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t1( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -4601,7 +4508,7 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha A_transpose[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; @@ -4653,12 +4560,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; @@ -4719,11 +4620,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -4998,12 +4894,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( Eurydice_slice public_key, @@ -5039,12 +4929,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { @@ -5099,11 +4983,6 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t0(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -5246,35 +5125,6 @@ compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320siz memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - static inline void compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -5486,12 +5336,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( Eurydice_slice serialized) { @@ -5578,11 +5422,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_Porta return uu____0; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_3size_t1(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( Eurydice_slice secret_key, @@ -5761,11 +5600,6 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( Eurydice_slice public_key, @@ -5905,14 +5739,8 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -6066,7 +5894,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe } static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, @@ -6113,7 +5941,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t1( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( uu____3[i]);); memcpy( ret, ret0, @@ -6131,7 +5959,7 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha A_transpose[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; @@ -6183,12 +6011,6 @@ typedef struct uint8_t snd; } __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; @@ -6260,11 +6082,6 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -6539,11 +6356,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( Eurydice_slice public_key, @@ -6579,12 +6391,6 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; @@ -6652,11 +6458,6 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t0(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -6961,12 +6762,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( - void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( uint8_t *ciphertext, @@ -7012,11 +6807,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_2size_t1(void) { - return ZERO__libcrux_ml_kem_vector_portable_PortableVector(); -} - static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( Eurydice_slice secret_key, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index a9def0a13..c2a28afa5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 9ae0f07cd..13d7131d4 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0543a8e19..f143434fa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 49e0302b8..08549e08a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,2028 +1,111 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -static inline core_core_arch_x86___m256i zero(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i _veor5q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)1, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vrax1q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i rotate_left1_and_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i _vbcaxq_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i and_not_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64( - core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant( - core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - a[1U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - a[2U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice( - a[3U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)41, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)23, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)18, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)10, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)45, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)6, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)15, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)55, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)27, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)14, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_x86___m256i uu____0 = and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - size_t i) { - core_core_arch_x86___m256i uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_x86___m256i_4size_t(s); - pi__core_core_arch_x86___m256i_4size_t(s); - chi__core_core_arch_x86___m256i_4size_t(s); - iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; +inline void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = { - uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___168size_t0(s->st, out); + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - s, buf); +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2f9e86a7b..7fbdbc8a2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H @@ -15,38 +15,32 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index be1a83910..9428aa94d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice --config - ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - a32b316e KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8c8485739..8d215805c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #include "libcrux_sha3_neon.h" @@ -1839,9 +1839,6 @@ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, keccakx2___136size_t_31uint8_t(buf0, buf); } -typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - KeccakState2; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void) { return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c6b0120ec..0e8477b26 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_neon_H From be1905d93c84aa6321e331a7642764b4961f745c Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Fri, 7 Jun 2024 15:07:51 -0700 Subject: [PATCH 33/74] Refresh with correct implementation of macro --- libcrux-ml-kem/c/eurydice_glue.h | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index e00c11543..d9e6cec67 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -90,22 +90,17 @@ typedef struct { .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) -// Can't have a flexible array as a member of a union -- this violates strict -// aliasing rules. -typedef struct { - uint8_t tag; - uint8_t case_Ok[]; -} result_tryfromslice_flexible; - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ - Eurydice_slice_to_array3((result_tryfromslice_flexible *)dst, src, \ +// Conversion of slice to an array, rewritten (by Eurydice) to name the +// destination array, since arrays are not values in C. +// N.B.: see note in karamel/lib/Inlining.ml if you change this. +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) -static inline void Eurydice_slice_to_array3(result_tryfromslice_flexible *dst, +static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, Eurydice_slice src, size_t sz) { - dst->tag = 0; - memcpy(dst->case_Ok, src.ptr, sz); + *dst_tag = 0; + memcpy(dst_ok, src.ptr, sz); } // CORE STUFF (conversions, endianness, ...) From 86dd6f6f20341246e864e02b3268fadb0f30a32c Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 8 Jun 2024 13:06:08 +0200 Subject: [PATCH 34/74] neon bench --- libcrux-ml-kem/c/benches/mlkem768.cc | 55 ++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index 217ead8bf..c88c747f4 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -70,4 +70,59 @@ BENCHMARK(kyber768_key_generation); BENCHMARK(kyber768_encapsulation); BENCHMARK(kyber768_decapsulation); +#ifdef LIBCRUX_AARCH64 +#include "libcrux_mlkem768_neon.h" + +static void +kyber768_key_generation_neon(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); + + for (auto _ : state) + { + key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); + } +} + +static void +kyber768_encapsulation_neon(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); + } +} + +static void +kyber768_decapsulation_neon(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + } +} + +BENCHMARK(kyber768_key_generation_neon); +BENCHMARK(kyber768_encapsulation_neon); +BENCHMARK(kyber768_decapsulation_neon); +#endif + BENCHMARK_MAIN(); From 54b814edca76a57ff8b4edf4c94806207d04bc81 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Mon, 10 Jun 2024 11:11:03 +0200 Subject: [PATCH 35/74] nix: use `clang-tools` for `clang-format` --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index d4c2c238b..90b35d678 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ name = "ml-kem"; inherit src cargoArtifacts; nativeBuildInputs = [ - pkgs.clang + pkgs.clang-tools pkgs.cmake pkgs.gbenchmark pkgs.mold-wrapped From 51d838e3e0eba386be1ec5a3589ffe56a86259e7 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 11:28:44 +0200 Subject: [PATCH 36/74] add avx2 code again --- libcrux-ml-kem/c/internal/libcrux_core.h | 99 +- .../c/internal/libcrux_mlkem_avx2.h | 75 + .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 38 + .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 48 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 55 + libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 40 + libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 163 + libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 89 + libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 54 + libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 40 + libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 7415 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 294 + libcrux-ml-kem/c/libcrux_mlkem_portable.c | 521 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_platform.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2111 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 38 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- 31 files changed, 10988 insertions(+), 196 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h create mode 100644 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_avx2.h diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index f03cb2277..39db7b956 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -118,24 +118,6 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); -typedef struct - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; - libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( uint8_t value[800U]); @@ -166,12 +148,36 @@ uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( Eurydice_slice lhs, Eurydice_slice rhs); +typedef struct + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; + void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); +typedef struct + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; + +typedef struct + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { + Eurydice_slice fst; + Eurydice_slice snd; +} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; + Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); @@ -182,6 +188,45 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +typedef struct + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]); + +typedef struct + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]); + +typedef struct + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]); + typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; @@ -189,7 +234,7 @@ typedef struct core_option_Option__Eurydice_slice_uint8_t_s { typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -201,10 +246,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..10a2cb5a5 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -0,0 +1,75 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_mlkem_avx2_H +#define __internal_libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_avx2.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 0f14466d1..5773bba52 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h new file mode 100644 index 000000000..11ada5b26 --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -0,0 +1,38 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __internal_libcrux_sha3_avx2_H +#define __internal_libcrux_sha3_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_sha3_avx2.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" + +typedef libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + libcrux_sha3_avx2_x4_incremental_KeccakState4; + +void libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]); + +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_sha3_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 46e81d5c3..c897dae9f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a3accd24c..3863ca9dc 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_core.h" @@ -322,6 +322,48 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d9a0b80fa..52b97c825 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_core_H @@ -128,11 +128,11 @@ typedef struct #define core_result_Err 1 typedef uint8_t - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 9fef0fd8b..40b2e232a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c new file mode 100644 index 000000000..9dbf4e203 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem1024_avx2.h" + +void libcrux_ml_kem_mlkem1024_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h new file mode 100644 index 000000000..d3da0c00c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem1024_avx2_H +#define __libcrux_mlkem1024_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" + +void libcrux_ml_kem_mlkem1024_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f292fbfbd..b63311db9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 321bfbf6e..2479e6391 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 5d00daade..5256458eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c new file mode 100644 index 000000000..14cd4287a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -0,0 +1,163 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem512_avx2.h" + +#include "internal/libcrux_mlkem_avx2.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); + } + return uu____0; +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + public_key); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h new file mode 100644 index 000000000..34801018a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -0,0 +1,89 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem512_avx2_H +#define __libcrux_mlkem512_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 126402c11..8a1a92703 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 607fa0ae7..9ad10a424 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 59e587f22..c69fb58ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c new file mode 100644 index 000000000..4497d2302 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -0,0 +1,54 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "libcrux_mlkem768_avx2.h" + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h new file mode 100644 index 000000000..373792504 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem768_avx2_H +#define __libcrux_mlkem768_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_avx2.h" + +void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 6b485ab48..06ce4a50d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 03b200b57..d7b8a5c6f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c new file mode 100644 index 000000000..2cfe23c30 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -0,0 +1,7415 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i uu____0 = vector; + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i uu____0 = vector; + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i uu____1 = t; + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = quotient; + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + uu____0, libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, rhs, core_core_arch_x86___m256i)); + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + uu____1, libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i uu____0 = value_low; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +inline core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i uu____0 = value_low; + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i uu____1 = k; + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i uu____0 = rhs; + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum0; + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = rhs; + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i uu____1 = sum; + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i uu____0 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + uu____0, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + core_core_arch_x86___m256i combined0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, + core_core_arch_x86___m256i); + return combined0; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i uu____0 = v; + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i uu____1 = k; + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + uu____1, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i uu____0 = right0; + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i uu____1 = rhs; + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, + (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, + (int8_t)0, (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)1 << 15U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____1, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)16U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____2 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____3 = (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____4 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____5 = (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____6 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____7 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____8 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____9 = (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____10 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____11 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____12 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____13 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t uu____14 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + uu____7, uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, + uu____14, + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_in_lsb; + return libcrux_intrinsics_avx2_mm256_and_si256( + uu____15, libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - + (int16_t)1)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_8_combined; + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t ret0[10U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + uint8_t uu____0 = + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____1 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____2 = + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____3 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____4 = + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____5 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____6 = + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____7 = + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____8 = + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____9 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____10 = + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____11 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____12 = + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____13 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + uint8_t uu____14 = + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + uu____8, uu____9, uu____10, uu____11, uu____12, uu____13, uu____14, + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____15 = coefficients_loaded0; + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____15, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i uu____16 = coefficients0; + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + uu____16, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, + (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)10U, .end = (size_t)26U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)4U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 13U, + 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]) { + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + memcpy(lit.elements, uu____0, (size_t)16U * sizeof(int16_t)); + return lit; +} + +inline void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]) { + uint8_t result[22U] = {0U}; + result[0U] = (uint8_t)v.elements[0U]; + result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | + (uint32_t)(uint8_t)(v.elements[0U] >> 8U); + result[2U] = (uint32_t)(uint8_t)(v.elements[2U] & (int16_t)3) << 6U | + (uint32_t)(uint8_t)(v.elements[1U] >> 5U); + result[3U] = (uint8_t)(v.elements[2U] >> 2U & (int16_t)255); + result[4U] = (uint32_t)(uint8_t)(v.elements[3U] & (int16_t)127) << 1U | + (uint32_t)(uint8_t)(v.elements[2U] >> 10U); + result[5U] = (uint32_t)(uint8_t)(v.elements[4U] & (int16_t)15) << 4U | + (uint32_t)(uint8_t)(v.elements[3U] >> 7U); + result[6U] = (uint32_t)(uint8_t)(v.elements[5U] & (int16_t)1) << 7U | + (uint32_t)(uint8_t)(v.elements[4U] >> 4U); + result[7U] = (uint8_t)(v.elements[5U] >> 1U & (int16_t)255); + result[8U] = (uint32_t)(uint8_t)(v.elements[6U] & (int16_t)63) << 2U | + (uint32_t)(uint8_t)(v.elements[5U] >> 9U); + result[9U] = (uint32_t)(uint8_t)(v.elements[7U] & (int16_t)7) << 5U | + (uint32_t)(uint8_t)(v.elements[6U] >> 6U); + result[10U] = (uint8_t)(v.elements[7U] >> 3U); + result[11U] = (uint8_t)v.elements[(size_t)8U + (size_t)0U]; + result[12U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] & (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)0U] >> 8U); + result[13U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] & (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)1U] >> 5U); + result[14U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 2U & (int16_t)255); + result[15U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] & (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)2U] >> 10U); + result[16U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] & (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)3U] >> 7U); + result[17U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] & (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)4U] >> 4U); + result[18U] = + (uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 1U & (int16_t)255); + result[19U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] & (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)5U] >> 9U); + result[20U] = + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)7U] & (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(v.elements[(size_t)8U + (size_t)6U] >> 6U); + result[21U] = (uint8_t)(v.elements[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U]; + libcrux_ml_kem_vector_avx2_to_i16_array(vector, array); + int16_t uu____0[16U]; + memcpy(uu____0, array, (size_t)16U * sizeof(int16_t)); + libcrux_ml_kem_vector_avx2_portable_PortableVector input = + libcrux_ml_kem_vector_avx2_portable_from_i16_array(uu____0); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_portable_serialize_11(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + uint8_t ret0[22U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void) { + libcrux_ml_kem_vector_avx2_portable_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector result = + libcrux_ml_kem_vector_avx2_portable_zero(); + int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____1 = + &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); + result.elements[0U] = uu____0 | (int16_t)uu____1[0U]; + int16_t uu____2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____3 = + &Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t); + result.elements[1U] = uu____2 | (int16_t)uu____3[0U] >> 3U; + int16_t uu____4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____5 = + uu____4 | (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U; + uint8_t *uu____6 = + &Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t); + result.elements[2U] = uu____5 | (int16_t)uu____6[0U] >> 6U; + int16_t uu____7 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____8 = + &Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t); + result.elements[3U] = uu____7 | (int16_t)uu____8[0U] >> 1U; + int16_t uu____9 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____10 = + &Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t); + result.elements[4U] = uu____9 | (int16_t)uu____10[0U] >> 4U; + int16_t uu____11 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____12 = + uu____11 | (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U; + uint8_t *uu____13 = + &Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t); + result.elements[5U] = uu____12 | (int16_t)uu____13[0U] >> 7U; + int16_t uu____14 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____15 = + &Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t); + result.elements[6U] = uu____14 | (int16_t)uu____15[0U] >> 2U; + int16_t uu____16 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____17 = + &Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t); + result.elements[7U] = uu____16 | (int16_t)uu____17[0U] >> 5U; + int16_t uu____18 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U; + uint8_t *uu____19 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + result.elements[8U] = uu____18 | (int16_t)uu____19[0U]; + int16_t uu____20 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U; + uint8_t *uu____21 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + result.elements[9U] = uu____20 | (int16_t)uu____21[0U] >> 3U; + int16_t uu____22 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U; + int16_t uu____23 = + uu____22 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 2U; + uint8_t *uu____24 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + result.elements[10U] = uu____23 | (int16_t)uu____24[0U] >> 6U; + int16_t uu____25 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U; + uint8_t *uu____26 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)4U, + uint8_t, uint8_t *, uint8_t); + result.elements[11U] = uu____25 | (int16_t)uu____26[0U] >> 1U; + int16_t uu____27 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U; + uint8_t *uu____28 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)5U, + uint8_t, uint8_t *, uint8_t); + result.elements[12U] = uu____27 | (int16_t)uu____28[0U] >> 4U; + int16_t uu____29 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U; + int16_t uu____30 = + uu____29 | (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)7U, + uint8_t, uint8_t *, uint8_t) + << 1U; + uint8_t *uu____31 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)6U, + uint8_t, uint8_t *, uint8_t); + result.elements[13U] = uu____30 | (int16_t)uu____31[0U] >> 7U; + int16_t uu____32 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U; + uint8_t *uu____33 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)8U, + uint8_t, uint8_t *, uint8_t); + result.elements[14U] = uu____32 | (int16_t)uu____33[0U] >> 2U; + int16_t uu____34 = + (int16_t)Eurydice_slice_index(bytes, (size_t)11U + (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U; + uint8_t *uu____35 = &Eurydice_slice_index(bytes, (size_t)11U + (size_t)9U, + uint8_t, uint8_t *, uint8_t); + result.elements[15U] = uu____34 | (int16_t)uu____35[0U] >> 5U; + return result; +} + +inline void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]) { + memcpy(ret, v.elements, (size_t)16U * sizeof(int16_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_avx2_portable_PortableVector output = + libcrux_ml_kem_vector_avx2_portable_deserialize_11(bytes); + int16_t ret[16U]; + libcrux_ml_kem_vector_avx2_portable_to_i16_array(output, ret); + return libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_array_to_slice((size_t)16U, ret, int16_t, Eurydice_slice)); +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i uu____0 = vector; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + uu____0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i uu____1 = adjacent_2_combined; + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + uu____1, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = adjacent_4_combined0; + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + uu____2, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)28U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice((size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____0 = lower_coefficients; + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____0, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( + bytes, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m128i uu____1 = upper_coefficients; + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + uu____1, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, + 11U, 11U, 10U, 9U, 8U, + 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____2 = coefficients2; + core_core_arch_x86___m256i coefficients3 = + libcrux_intrinsics_avx2_mm256_and_si256( + uu____2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); + return coefficients3; +} + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice( + output, + ((core_ops_range_Range__size_t){.start = sampled_count, + .end = sampled_count + (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +inline libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self) { + return self[0U]; +} + +inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline core_core_arch_x86___m256i shift_right___15int32_t( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i shift_right___15int32_t0( + core_core_arch_x86___m256i vector) { + return shift_right___15int32_t(vector); +} + +static core_core_arch_x86___m256i +to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right___15int32_t0(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, + .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = self; + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____2, uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice_subslice( + a, + ((core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[3U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t; + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out12 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out12, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out2 = uu____1.snd; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, + Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); + return uu____0; +} + +static inline void ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector; + +static core_core_arch_x86___m256i +montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, fer); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector(b, + zeta_r); + b = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &t); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + out = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static core_core_arch_x86___m256i +to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_avx2_SIMD256Vector( + self->coefficients[j]); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_1152size_t__uint8_t_1184size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + b, &a); + a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_minus_b, zeta_r); + return (( + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ + .fst = a, .snd = b}); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static core_core_arch_x86___m256i +decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i uu____0 = + decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + coefficient_normal_form, &tmp); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___10int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___10int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___10int32_t(vector); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___10int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, + .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___11int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___11int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___11int32_t(vector); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___4int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___4int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___4int32_t(vector); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___4int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_x86___m256i +compress_ciphertext_coefficient___5int32_t(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i compress___5int32_t( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient___5int32_t(vector); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = compress___5int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, + .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___10int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, + .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i +decompress_ciphertext_coefficient___11int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___11int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, + .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___4int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___4int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___4int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, + .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + bytes); + core_core_arch_x86___m256i uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___5int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +static core_core_arch_x86___m256i decompress_ciphertext_coefficient___5int32_t0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient___5int32_t(vector); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, + .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + core_core_arch_x86___m256i uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, + .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], + uint8_t(*)[504U], uint8_t[504U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___4size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____3 = self; + Eurydice_slice uu____4 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], + uint8_t(*)[168U], uint8_t[168U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[4U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t; + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out123 = uu____0.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____1 = core_slice___Slice_T___split_at_mut( + out123, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out1 = uu____1.fst; + Eurydice_slice out23 = uu____1.snd; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____2 = core_slice___Slice_T___split_at_mut( + out23, (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out2 = uu____2.fst; + Eurydice_slice out3 = uu____2.snd; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____8 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____9 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, + Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], + uint8_t(*)[128U], uint8_t[128U]), + uint8_t, Eurydice_slice)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_1536size_t__uint8_t_1568size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = compress___11int32_t( + to_unsigned_representative__libcrux_ml_kem_vector_avx2_SIMD256Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, + .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re, + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector(re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re, + (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( + serialized); + return uu____0; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( + implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_portable_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + state = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +static inline void shake128_squeeze_three_blocks___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t dummy_out0[504U] = {0U}; + uint8_t dummy_out1[504U] = {0U}; + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], + Eurydice_slice), + (size_t)1U, uint8_t[504U], + K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)504U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], + uint8_t[504U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___2size_t( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t dummy_out0[168U] = {0U}; + uint8_t dummy_out1[168U] = {0U}; + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], + Eurydice_slice), + (size_t)1U, uint8_t[168U], + K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____1 = self; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice( + (size_t)168U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], + uint8_t[168U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + uu____1, uu____2, uu____3, uu____4, + Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + ((core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + ((core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_array_to_subslice((size_t)272U, s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + fst[2U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t; + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t dummy_out0[192U] = {0U}; + uint8_t dummy_out1[192U] = {0U}; + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], + Eurydice_slice), + (size_t)1U, uint8_t[192U], + K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)192U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], + uint8_t[192U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static K___uint8_t_768size_t__uint8_t_800size_t_ +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + K___uint8_t_768size_t__uint8_t_800size_t_ lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t dummy_out0[128U] = {0U}; + uint8_t dummy_out1[128U] = {0U}; + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ + uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], + Eurydice_slice), + (size_t)1U, uint8_t[128U], + K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); + Eurydice_slice out0 = uu____0.fst; + Eurydice_slice out1 = uu____0.snd; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = Eurydice_array_to_slice( + (size_t)128U, + Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], + uint8_t[128U]), + uint8_t, Eurydice_slice); + Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, + uint8_t, Eurydice_slice); + libcrux_sha3_avx2_x4_shake256( + uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, + Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, + Eurydice_slice)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_avx2_SIMD256Vector(&zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(&result[i1], + &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); + result = add_message_error_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + ((core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + ((core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + product = ntt_multiply__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &result); + result = subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector(v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____8 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h new file mode 100644 index 000000000..5ae63072a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -0,0 +1,294 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 + */ + +#ifndef __libcrux_mlkem_avx2_H +#define __libcrux_mlkem_avx2_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO( + void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( + Eurydice_slice array); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___multiply_by_constant( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___cond_subtract_3329( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___compress_1( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ntt_multiply( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +typedef struct libcrux_ml_kem_vector_avx2_portable_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_avx2_portable_PortableVector; + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_from_i16_array(int16_t array[16U]); + +void libcrux_ml_kem_vector_avx2_portable_serialize_11( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_zero(void); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable_deserialize_11(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_portable_to_i16_array( + libcrux_ml_kem_vector_avx2_portable_PortableVector v, int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +size_t +libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___rej_sample( + Eurydice_slice input, Eurydice_slice output); + +libcrux_ml_kem_vector_avx2_portable_PortableVector +libcrux_ml_kem_vector_avx2_portable___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__portable__PortableVector___clone( + libcrux_ml_kem_vector_avx2_portable_PortableVector *self); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2___core__clone__Clone_for_libcrux_ml_kem__vector__avx2__SIMD256Vector__1__clone( + core_core_arch_x86___m256i *self); + +typedef struct + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_avx2_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 876d3b5bb..30688d413 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" @@ -44,6 +44,521 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( void) { libcrux_ml_kem_vector_portable_PortableVector lit; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c2a28afa5..078c0cbd3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H @@ -27,6 +27,10 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_PortableVector; diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h index 13d7131d4..988a2e7f2 100644 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ b/libcrux-ml-kem/c/libcrux_platform.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_platform_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index f143434fa..87bfd1a1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 08549e08a..49e0302b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,111 +1,2028 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; +static inline core_core_arch_x86___m256i zero(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i _veor5q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)1, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vrax1q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i rotate_left1_and_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i _vbcaxq_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i and_not_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64( + core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant( + core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + a[1U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + a[2U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = Eurydice_slice_subslice( + a[3U], + ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +new__core_core_arch_x86___m256i_4size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)41, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)23, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)18, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)10, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)45, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)6, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)15, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)55, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)27, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)14, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_x86___m256i uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_x86___m256i uu____0 = and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + size_t i) { + core_core_arch_x86___m256i uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_x86___m256i_4size_t(s); + pi__core_core_arch_x86___m256i_4size_t(s); + chi__core_core_arch_x86___m256i_4size_t(s); + iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = { + uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = new__core_core_arch_x86___m256i_4size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + ((core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + ((core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); } inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + ((core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3) { + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + ((core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + ((core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + ((core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + ((core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___168size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7fbdbc8a2..2f9e86a7b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H @@ -15,32 +15,38 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_sha3_internal.h" + +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 9428aa94d..e796057eb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H From bac336ba8eeb7764b8d9968048aa362f25a2c7d5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 11:33:21 +0200 Subject: [PATCH 37/74] don't always clean in c.sh --- libcrux-ml-kem/c.sh | 16 +++++++++++----- libcrux-ml-kem/c/profile-macos.sh | 25 +++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 5 deletions(-) create mode 100755 libcrux-ml-kem/c/profile-macos.sh diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 1017995a1..7edb43093 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -15,6 +15,7 @@ fi portable_only=0 no_hacl=0 no_charon=0 +clean=0 # Parse command line arguments. all_args=("$@") @@ -23,6 +24,7 @@ while [ $# -gt 0 ]; do -p | --portable) portable_only=1 ;; --no-hacl) no_hacl=1 ;; --no-charon) no_charon=1 ;; + -c | --clean) clean=1 ;; esac shift done @@ -39,7 +41,7 @@ if [[ "$no_charon" = 0 ]]; then (cd ../libcrux-sha3 && RUSTFLAGS="--cfg eurydice" $CHARON_HOME/bin/charon --errors-as-warnings) if ! [[ -f ../libcrux_sha3.llbc ]]; then echo "😱😱😱 You are the victim of this bug: https://hacspec.zulipchat.com/#narrow/stream/433829-Circus/topic/charon.20declines.20to.20generate.20an.20llbc.20file" - echo "Suggestion: rm -rf ../target" + echo "Suggestion: rm -rf ../target or cargo clean" exit 1 fi echo "Running charon (ml-kem) ..." @@ -51,10 +53,14 @@ fi mkdir -p c cd c -rm -rf *.c *.h -# HAND_WRITTEN FILE -git checkout libcrux_platform.c -rm -rf internal/*.h +# Clean only when requesting it. +# Note that we can not extract for all platforms on any platform right now. +# Make sure to keep files from other platforms. +if [[ "$clean" = 1 ]]; then + rm -rf *.c *.h + rm -rf internal/*.h +fi + echo "Running eurydice ..." $EURYDICE_HOME/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc cp $EURYDICE_HOME/include/eurydice_glue.h . diff --git a/libcrux-ml-kem/c/profile-macos.sh b/libcrux-ml-kem/c/profile-macos.sh new file mode 100755 index 000000000..3e1c52415 --- /dev/null +++ b/libcrux-ml-kem/c/profile-macos.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +set -o errexit +set -o nounset + +if [ "$#" -lt 1 ] +then + echo "Usage $0 [arguments...]" 1>&2 + exit 1 +fi + +PROGRAM="$(realpath "$1")" +shift + +OUTPUT="/tmp/cpu_profile_$(whoami)_$(basename "$PROGRAM").trace" +echo "Profiling $PROGRAM into $OUTPUT" 1>&2 +# Delete potential previous traces +rm -rf "$OUTPUT" +xcrun xctrace record \ + --template 'CPU Profiler' \ + --no-prompt \ + --output "$OUTPUT" \ + --target-stdout - \ + --launch -- "$PROGRAM" "$@" +open "$OUTPUT" From 77dad6a336d92d561a56f93c173268fa782a361f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 11:33:47 +0200 Subject: [PATCH 38/74] drop unused platform files --- libcrux-ml-kem/c/libcrux_platform.c | 13 ------------- libcrux-ml-kem/c/libcrux_platform.h | 26 -------------------------- 2 files changed, 39 deletions(-) delete mode 100644 libcrux-ml-kem/c/libcrux_platform.c delete mode 100644 libcrux-ml-kem/c/libcrux_platform.h diff --git a/libcrux-ml-kem/c/libcrux_platform.c b/libcrux-ml-kem/c/libcrux_platform.c deleted file mode 100644 index d3ad8da95..000000000 --- a/libcrux-ml-kem/c/libcrux_platform.c +++ /dev/null @@ -1,13 +0,0 @@ -// HAND-WRITTEN FILE - -#include - -bool libcrux_platform_platform_simd128_support(void) { - // TODO: query cpuid and cache the results!! - return true; -} - -bool libcrux_platform_platform_simd256_support(void) { - // TODO: query cpuid and cache the results!! - return true; -} diff --git a/libcrux-ml-kem/c/libcrux_platform.h b/libcrux-ml-kem/c/libcrux_platform.h deleted file mode 100644 index 988a2e7f2..000000000 --- a/libcrux-ml-kem/c/libcrux_platform.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 - */ - -#ifndef __libcrux_platform_H -#define __libcrux_platform_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -extern bool libcrux_platform_platform_simd256_support(void); - -extern bool libcrux_platform_platform_simd128_support(void); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_platform_H_DEFINED -#endif From b3a1293210d523df60544ebe095ca7c1024a6689 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 11:39:14 +0200 Subject: [PATCH 39/74] run C mlkem on ci --- .github/workflows/c.yml | 50 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/c.yml diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml new file mode 100644 index 000000000..9233265e0 --- /dev/null +++ b/.github/workflows/c.yml @@ -0,0 +1,50 @@ +name: Build & Test C + +on: + push: + branches: ["main", "dev"] + pull_request: + branches: ["main", "dev"] + workflow_dispatch: + merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build: + strategy: + fail-fast: false + matrix: + bits: [32, 64] + os: + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + - bits: 32 + os: "macos-latest" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem/c + + steps: + - uses: actions/checkout@v4 + + - name: 🔨 Build + run: | + cmake -B build -G "Ninja Multi-Config" + cmake --build build + + - name: 🏃🏻‍♀️ Test + run: ./build/Debug/ml_kem_test + + - name: 🔨 Build Release + run: cmake --build build --config Release + + - name: 🏃🏻‍♀️ Benchmark + run: ./build/Release/ml_kem_bench From f6fb4860bf607efc324be1e67101c4a7f18a1685 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 11:52:29 +0200 Subject: [PATCH 40/74] don't use ninja on ci for now --- .github/workflows/c.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index 9233265e0..a4137eeef 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -17,14 +17,10 @@ jobs: strategy: fail-fast: false matrix: - bits: [32, 64] os: - macos-latest - ubuntu-latest - windows-latest - exclude: - - bits: 32 - os: "macos-latest" runs-on: ${{ matrix.os }} defaults: @@ -37,14 +33,16 @@ jobs: - name: 🔨 Build run: | - cmake -B build -G "Ninja Multi-Config" + cmake -B build cmake --build build - name: 🏃🏻‍♀️ Test run: ./build/Debug/ml_kem_test - name: 🔨 Build Release - run: cmake --build build --config Release + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release - name: 🏃🏻‍♀️ Benchmark run: ./build/Release/ml_kem_bench From 7829dd11ba7cd8f1255c3296d18fc7767940cc5b Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 12:51:49 +0200 Subject: [PATCH 41/74] fixup windows --- libcrux-ml-kem/c/CMakeLists.txt | 43 ++++++++-------- libcrux-ml-kem/c/benches/mlkem768.cc | 56 ++++++++++++++++++++- libcrux-ml-kem/c/benches/mlkem768_encaps.cc | 1 - libcrux-ml-kem/c/benches/mlkem768_keygen.cc | 1 - libcrux-ml-kem/c/eurydice_glue.h | 20 +++++--- libcrux-ml-kem/c/internal/libcrux_core.h | 3 -- libcrux-ml-kem/c/libcrux_sha3_internal.h | 46 ++++++++--------- 7 files changed, 113 insertions(+), 57 deletions(-) diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index b8f4f983f..017924161 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -11,21 +11,22 @@ project(libcrux-ml-kem ) set(CMAKE_C_STANDARD 11) -set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD 20) -# FIXME: Windows? -add_compile_options( - -Wall - - # -Wextra - # -pedantic - # -Wconversion - # -Wsign-conversion - $<$:-g> - $<$:-Og> - $<$:-g> - $<$:-O3> -) +if(NOT MSVC) + # TODO: Clean up + add_compile_options( + -Wall + # -Wextra + # -pedantic + # -Wconversion + # -Wsign-conversion + $<$:-g> + $<$:-Og> + $<$:-g> + $<$:-O3> + ) +endif(NOT MSVC) set(CMAKE_COLOR_DIAGNOSTICS "ON") include_directories( @@ -78,14 +79,16 @@ if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64") add_library(ml_kem_vec256 OBJECT ${SOURCES_vec256}) target_sources(ml_kem_static PRIVATE $) target_sources(ml_kem PRIVATE $) - target_compile_options(ml_kem_vec256 PRIVATE - -mavx - -mavx2 - ) + if(NOT MSVC) + target_compile_options(ml_kem_vec256 PRIVATE + -mavx + -mavx2 + ) + endif(NOT MSVC) endif() # This is only for local testing and we assume neon on arm64. -if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8") +if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8" AND DEFINED $ENV{LIBCRUX_NEON}) message(STATUS "Detected an arm64 architecture") add_compile_definitions(LIBCRUX_AARCH64) @@ -179,5 +182,3 @@ target_link_libraries(sha3_bench PRIVATE ml_kem_static benchmark::benchmark ) -target_compile_definitions(sha3_bench PUBLIC HACL_CAN_COMPILE_VEC256) -target_compile_options(sha3_bench PRIVATE) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index c88c747f4..5d9160fea 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -8,7 +8,6 @@ #include -#include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" @@ -125,4 +124,59 @@ BENCHMARK(kyber768_encapsulation_neon); BENCHMARK(kyber768_decapsulation_neon); #endif +#ifdef LIBCRUX_X64 +#include "libcrux_mlkem768_avx2.h" + +static void +kyber768_key_generation_avx2(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + + for (auto _ : state) + { + key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + } +} + +static void +kyber768_encapsulation_avx2(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + } +} + +static void +kyber768_decapsulation_avx2(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); + } +} + +BENCHMARK(kyber768_key_generation_avx2); +BENCHMARK(kyber768_encapsulation_avx2); +BENCHMARK(kyber768_decapsulation_avx2); +#endif + BENCHMARK_MAIN(); diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc index 4831e07eb..d7c2a5076 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc @@ -8,7 +8,6 @@ #include -#include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc index fd3432f93..a7271277f 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc @@ -8,7 +8,6 @@ #include -#include "libcrux_sha3.h" #include "libcrux_mlkem768.h" #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index d9e6cec67..edfffa601 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -21,6 +21,12 @@ extern "C" { // SLICES, ARRAYS, ETC. +#if defined(__cplusplus) + #define CLITERAL(type) type +#else + #define CLITERAL(type) (type) +#endif + // We represent a slice as a pair of an (untyped) pointer, along with the length // of the slice, i.e. the number of elements in the slice (this is NOT the // number of bytes). This design choice has two important consequences. @@ -41,7 +47,7 @@ typedef struct { // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. #define EURYDICE_SLICE(x, start, end) \ - ((Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) + (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an // array, you cannot simply write `t x` as it would yield `int[4] x` instead, @@ -83,10 +89,10 @@ typedef struct { Eurydice_array_eq #define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - ((ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + (CLITERAL(ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) #define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - ((ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ + (CLITERAL(ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) @@ -160,8 +166,8 @@ static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { #define core_num_nonzero_NonZeroUsize size_t #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) // Old name (TODO: remove once everyone has upgraded to the latest Charon) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ @@ -225,8 +231,8 @@ typedef struct { #define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ ret_t) \ (((iter)->index == (iter)->s.len) \ - ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ .f0 = ((iter)->index++, \ &((t *)((iter)->s.ptr))[(iter)->index - 1])})) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 39db7b956..b826ad544 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -15,9 +15,6 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( - core_fmt_rt_Argument x0[0U]); - extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( Eurydice_slice x0, Eurydice_slice x1); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e796057eb..360486d5e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -112,7 +112,7 @@ static inline void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { ret[0U] = Eurydice_slice_subslice( a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, .end = start + len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); } @@ -218,7 +218,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___168size_t( &dst, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); @@ -895,7 +895,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; @@ -916,7 +916,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___168size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; @@ -1086,7 +1086,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { @@ -1132,7 +1132,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___104size_t( &dst, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); @@ -1193,7 +1193,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -1214,7 +1214,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___104size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; @@ -1363,7 +1363,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { @@ -1409,7 +1409,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___144size_t( &dst, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); @@ -1470,7 +1470,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -1491,7 +1491,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___144size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; @@ -1640,7 +1640,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { @@ -1686,7 +1686,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___136size_t( &dst, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); @@ -1747,7 +1747,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; @@ -1768,7 +1768,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___136size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; @@ -1917,7 +1917,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { @@ -1963,7 +1963,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -2025,7 +2025,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { @@ -2071,7 +2071,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___72size_t( &dst, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); @@ -2132,7 +2132,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -2153,7 +2153,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___72size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; @@ -2302,7 +2302,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( &s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { From c851d5b614a0e8f34e84010fdca56caca5da11f7 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 10 Jun 2024 13:13:19 +0200 Subject: [PATCH 42/74] more build fixes --- .github/workflows/c.yml | 12 ++++++++++++ libcrux-ml-kem/c/CMakeLists.txt | 18 +++++++++++------- libcrux-ml-kem/c/benches/sha3.cc | 16 +++++++--------- 3 files changed, 30 insertions(+), 16 deletions(-) diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index a4137eeef..b70951dfb 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -38,11 +38,23 @@ jobs: - name: 🏃🏻‍♀️ Test run: ./build/Debug/ml_kem_test + if: ${{ matrix.os == 'windows-latest' }} + + - name: 🏃🏻‍♀️ Test + run: ./build/ml_kem_test + if: ${{ matrix.os != 'windows-latest' }} - name: 🔨 Build Release run: | + rm -rf build cmake -B build -DCMAKE_BUILD_TYPE=Release cmake --build build --config Release - name: 🏃🏻‍♀️ Benchmark run: ./build/Release/ml_kem_bench + if: ${{ matrix.os == 'windows-latest' }} + + - name: 🏃🏻‍♀️ Benchmark + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' }} + diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 017924161..f74d91c71 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -175,10 +175,14 @@ target_link_libraries(ml_kem_encaps PRIVATE target_compile_definitions(ml_kem_encaps PUBLIC HACL_CAN_COMPILE_VEC256) target_compile_options(ml_kem_encaps PRIVATE) -add_executable(sha3_bench - ${PROJECT_SOURCE_DIR}/benches/sha3.cc -) -target_link_libraries(sha3_bench PRIVATE - ml_kem_static - benchmark::benchmark -) +if(NOT MSVC) + # We benchmark internal functions here that are inlined and thus not available + # in MSVC. + add_executable(sha3_bench + ${PROJECT_SOURCE_DIR}/benches/sha3.cc + ) + target_link_libraries(sha3_bench PRIVATE + ml_kem_static + benchmark::benchmark + ) +endif(NOT MSVC) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 9c5b88fb1..b2712feae 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -6,7 +6,6 @@ * - http://opensource.org/licenses/MIT */ - #include // TODO: FIXME: why is the macro definition in @@ -70,18 +69,17 @@ shake128_34_504(benchmark::State &state) uint8_t input[34]; generate_random(input, 34); - Eurydice_slice last[4] = {EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34),EURYDICE_SLICE(input,0,34)}; - Eurydice_slice out[4] = {EURYDICE_SLICE(digest0,0,504),EURYDICE_SLICE(digest1,0,504),EURYDICE_SLICE(digest2,0,504),EURYDICE_SLICE(digest3,0,504)}; - // libcrux_sha3_portable_sha256(EURYDICE_SLICE(input, 0, 32), EURYDICE_SLICE(digest, 0, 32)); + Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; + Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st,out); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st, out); for (auto _ : state) { - libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st,last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st,out); + libcrux_sha3_avx2_x4_incremental_KeccakState4 st = libcrux_sha3_avx2_x4_incremental_shake128_init(); + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t(&st, out); } } From 51b0d8c697fe7e4edc8fb0f012a231d6ffdcd5c6 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Mon, 10 Jun 2024 16:48:51 +0200 Subject: [PATCH 43/74] nix: use `fetchFromGitHub` --- flake.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 90b35d678..ff94c2893 100644 --- a/flake.nix +++ b/flake.nix @@ -24,12 +24,16 @@ system: let pkgs = import inputs.nixpkgs { inherit system; }; - googletest = pkgs.fetchzip { - url = "https://github.com/google/googletest/archive/refs/tags/release-1.11.0.zip"; + googletest = pkgs.fetchFromGitHub { + owner = "google"; + repo = "googletest"; + rev = "release-1.11.0"; sha256 = "SjlJxushfry13RGA7BCjYC9oZqV4z6x8dOiHfl/wpF0="; }; - json = pkgs.fetchzip { - url = "https://github.com/nlohmann/json/archive/refs/tags/v3.10.3.zip"; + json = pkgs.fetchFromGitHub { + owner = "nlohmann"; + repo = "json"; + rev = "v3.10.3"; sha256 = "EBzwaHyDWF8h/z3Zfq4p/n5Vpz7Ozlc3eoWDKXWv2YY="; }; craneLib = inputs.crane.mkLib pkgs; From a9bfdc984f834f1f27287e205c814b0e94e4b1b7 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Mon, 10 Jun 2024 18:09:47 +0200 Subject: [PATCH 44/74] fetch `benchmark` with `FetchContent` --- flake.nix | 8 +++++++- libcrux-ml-kem/c/CMakeLists.txt | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index ff94c2893..a694e47c0 100644 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,12 @@ rev = "release-1.11.0"; sha256 = "SjlJxushfry13RGA7BCjYC9oZqV4z6x8dOiHfl/wpF0="; }; + benchmark = pkgs.fetchFromGitHub { + owner = "google"; + repo = "benchmark"; + rev = "v1.8.4"; + sha256 = "O+1ZHaNHSkKz3PlKDyI94LqiLtjyrKxjOIi8Q236/MI="; + }; json = pkgs.fetchFromGitHub { owner = "nlohmann"; repo = "json"; @@ -45,7 +51,6 @@ nativeBuildInputs = [ pkgs.clang-tools pkgs.cmake - pkgs.gbenchmark pkgs.mold-wrapped pkgs.ninja pkgs.python3 @@ -56,6 +61,7 @@ cd c cmake \ -DFETCHCONTENT_SOURCE_DIR_GOOGLETEST=${googletest} \ + -DFETCHCONTENT_SOURCE_DIR_BENCHMARK=${benchmark} \ -DFETCHCONTENT_SOURCE_DIR_JSON=${json} \ -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=mold" \ -DCMAKE_SHARED_LINKER_FLAGS="-fuse-ld=mold" \ diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index 25829913a..b464228e0 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -108,7 +108,11 @@ target_link_libraries(sha3_test PRIVATE # --- Benchmarks -find_package(benchmark) +FetchContent_Declare(benchmark + GIT_REPOSITORY https://github.com/google/benchmark.git + GIT_TAG v1.8.4 +) +FetchContent_MakeAvailable(benchmark) add_executable(ml_kem_bench ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc From 9418eef81ae38ed13952d2480c39ddfe4ba8f413 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Mon, 10 Jun 2024 10:30:57 -0700 Subject: [PATCH 45/74] Regenerate code with the C++ tweak --- libcrux-ml-kem/c.yaml | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 28 +- libcrux-ml-kem/c/internal/libcrux_core.h | 9 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_mlkem_neon.h | 74 - .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 26 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 55 - libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 40 - libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 163 - libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 89 - libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 54 - libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 40 - libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 258 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 7506 ----------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 301 - libcrux-ml-kem/c/libcrux_mlkem_portable.c | 192 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 284 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 65 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3032 +------ libcrux-ml-kem/c/libcrux_sha3_neon.h | 28 +- 43 files changed, 707 insertions(+), 11707 deletions(-) delete mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c delete mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 72fa642cd..205d9ea99 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -14,7 +14,7 @@ files: - [libcrux_intrinsics, avx2] - name: libcrux_platform - api: + private: - [libcrux_platform, "*"] # SHA3 (no mention of libcrux_mlkem in this section, please) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index edfffa601..0e51e219d 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -22,9 +22,9 @@ extern "C" { // SLICES, ARRAYS, ETC. #if defined(__cplusplus) - #define CLITERAL(type) type +#define CLITERAL(type) type #else - #define CLITERAL(type) (type) +#define CLITERAL(type) (type) #endif // We represent a slice as a pair of an (untyped) pointer, along with the length @@ -89,12 +89,14 @@ typedef struct { Eurydice_array_eq #define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){.fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) #define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){.fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ - .len = slice.len - mid}}) + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ + .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. @@ -166,8 +168,9 @@ static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { #define core_num_nonzero_NonZeroUsize size_t #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ + .f0 = (iter_ptr)->start++})) // Old name (TODO: remove once everyone has upgraded to the latest Charon) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___3__next \ @@ -232,9 +235,10 @@ typedef struct { ret_t) \ (((iter)->index == (iter)->s.len) \ ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = ((iter)->index++, \ - &((t *)((iter)->s.ptr))[(iter)->index - 1])})) + : (CLITERAL(ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) // STRINGS diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b826ad544..5ca28c79c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_core_H @@ -15,6 +15,9 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" +extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( + core_fmt_rt_Argument x0[0U]); + extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( Eurydice_slice x0, Eurydice_slice x1); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 10a2cb5a5..fcda100f7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h deleted file mode 100644 index ab47ba59d..000000000 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#ifndef __internal_libcrux_mlkem_neon_H -#define __internal_libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "../libcrux_mlkem_neon.h" -#include "eurydice_glue.h" -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -#if defined(__cplusplus) -} -#endif - -#define __internal_libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5773bba52..4fa834a92 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 11ada5b26..405e13161 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c897dae9f..32b53c527 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 3863ca9dc..518634a6f 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_core.h" @@ -50,7 +50,8 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1568size_t pk) { - return ((libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____3168size_t @@ -108,7 +109,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1600U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -130,7 +131,8 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t sk, libcrux_ml_kem_types_MlKemPublicKey____1184size_t pk) { - return ((libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } libcrux_ml_kem_types_MlKemPrivateKey____2400size_t @@ -188,7 +190,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1120U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -210,7 +212,7 @@ libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t sk, libcrux_ml_kem_types_MlKemPublicKey____800size_t pk) { - return ((libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t){ .sk = sk, .pk = pk}); } @@ -262,7 +264,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)33U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -277,7 +279,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)34U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -299,7 +301,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)800U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -314,7 +316,7 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)64U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = core_slice___Slice_T___len(slice, uint8_t, size_t)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 52b97c825..6d6e8dcac 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 40b2e232a..1399bdf00 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 9dbf4e203..e42d25b96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024_avx2.h" @@ -43,11 +43,11 @@ libcrux_ml_kem_mlkem1024_avx2_validate_public_key( uu____0; if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index d3da0c00c..22172d3c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c deleted file mode 100644 index 84791f55e..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem1024_neon.h" - -void libcrux_ml_kem_mlkem1024_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h deleted file mode 100644 index e68f4c51b..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#ifndef __libcrux_mlkem1024_neon_H -#define __libcrux_mlkem1024_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem512_neon.h" - -void libcrux_ml_kem_mlkem1024_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem1024_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ -libcrux_ml_kem_mlkem1024_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem1024_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index b63311db9..66d7f407e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem1024_portable.h" @@ -43,11 +43,11 @@ libcrux_ml_kem_mlkem1024_portable_validate_public_key( uu____0; if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2479e6391..5f38c1f52 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 5256458eb..8cdf081a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 14cd4287a..c5d115c11 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512_avx2.h" @@ -80,11 +80,11 @@ libcrux_ml_kem_mlkem512_avx2_validate_public_key( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 34801018a..28682ce54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c deleted file mode 100644 index 2c021222d..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ /dev/null @@ -1,163 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem512_neon.h" - -#include "internal/libcrux_mlkem_neon.h" - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_mlkem512_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uu____0); -} - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - public_key); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ - .tag = core_option_None}); - } - return uu____0; -} - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - public_key); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - public_key); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uu____0); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h deleted file mode 100644 index 0074c9469..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#ifndef __libcrux_mlkem512_neon_H -#define __libcrux_mlkem512_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -void libcrux_ml_kem_mlkem512_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem512_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]); - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( - uint8_t *public_key); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ -libcrux_ml_kem_mlkem512_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( - uint8_t *public_key); - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]); - -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem512_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 8a1a92703..2c66e4f9e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem512_portable.h" @@ -80,11 +80,11 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 9ad10a424..ec949dc4d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c69fb58ac..19cf733d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4497d2302..79ab93993 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768_avx2.h" @@ -42,11 +42,11 @@ libcrux_ml_kem_mlkem768_avx2_validate_public_key( uu____0; if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 373792504..2354c986e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c deleted file mode 100644 index c2d9494e3..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#include "libcrux_mlkem768_neon.h" - -void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - private_key, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____0, uu____1); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uu____0); -} - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ - uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( - public_key.value)) { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_Some, .f0 = public_key}); - } else { - uu____0 = (( - core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ - .tag = core_option_None}); - } - return uu____0; -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h deleted file mode 100644 index 175e2827b..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#ifndef __libcrux_mlkem768_neon_H -#define __libcrux_mlkem768_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem512_neon.h" - -void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]); - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); - -core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 06ce4a50d..8bac4c0fe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "libcrux_mlkem768_portable.h" @@ -42,11 +42,11 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( uu____0; if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( public_key.value)) { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ .tag = core_option_Some, .f0 = public_key}); } else { - uu____0 = (( + uu____0 = (CLITERAL( core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ .tag = core_option_None}); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index d7b8a5c6f..2e8dd612b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 2cfe23c30..a4c6c077c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_mlkem_avx2.h" @@ -674,7 +674,7 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_4( Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice((size_t)16U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -693,14 +693,6 @@ void libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); int16_t uu____0 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t); int16_t uu____1 = (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, @@ -738,6 +730,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { uu____14, (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); core_core_arch_x86___m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); @@ -784,26 +784,26 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( core_core_arch_x86___m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( uu____2, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); core_core_arch_x86___m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)5U, .end = (size_t)21U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -813,7 +813,7 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_5( Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -937,19 +937,19 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)10U, .end = (size_t)26U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -959,7 +959,7 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_10( Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -989,8 +989,8 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____0 = lower_coefficients; core_core_arch_x86___m128i lower_coefficients0 = @@ -1001,8 +1001,8 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( bytes, - ((core_ops_range_Range__size_t){.start = (size_t)4U, - .end = (size_t)20U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)4U, + .end = (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____1 = upper_coefficients; core_core_arch_x86___m128i upper_coefficients0 = @@ -1354,14 +1354,14 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)12U, .end = (size_t)28U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -1371,7 +1371,7 @@ inline void libcrux_ml_kem_vector_avx2_serialize_serialize_12( Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice((size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -1401,8 +1401,8 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( bytes, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____0 = lower_coefficients; core_core_arch_x86___m128i lower_coefficients0 = @@ -1413,8 +1413,8 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice( bytes, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m128i uu____1 = upper_coefficients; core_core_arch_x86___m128i upper_coefficients0 = @@ -1493,8 +1493,8 @@ inline size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice( output, - ((core_ops_range_Range__size_t){.start = sampled_count, - .end = sampled_count + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_count, .end = sampled_count + (size_t)8U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice), upper_coefficients0); size_t uu____0 = sampled_count; @@ -1570,8 +1570,8 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( @@ -1601,7 +1601,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1184 size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -1658,8 +1658,8 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, .end = (size_t)24U * i0 + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -1691,7 +1691,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1152U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -1715,8 +1715,8 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1[3U]; @@ -1861,7 +1861,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -1870,7 +1870,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -1945,7 +1945,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -1954,7 +1954,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -1985,7 +1985,7 @@ from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector(Eurydice_slice a) { libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___from_i16_array( Eurydice_slice_subslice( a, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)16U, .end = (i0 + (size_t)1U) * (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -1999,7 +1999,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -2172,7 +2172,7 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice( randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, .end = chunk_number * (size_t)4U + (size_t)4U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2220,7 +2220,7 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice( randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, .end = chunk_number * (size_t)3U + (size_t)3U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2310,7 +2310,7 @@ ntt_layer_int_vec_step__libcrux_ml_kem_vector_avx2_SIMD256Vector( a, &t); a = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___add( a, &t); - return (( + return (CLITERAL( __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ .fst = a, .snd = b}); } @@ -2713,7 +2713,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -2726,7 +2726,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -2735,7 +2735,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)2400U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2752,7 +2752,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -2766,7 +2766,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2820,7 +2820,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152 size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -2957,7 +2957,7 @@ inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( a, &b)); b = montgomery_multiply_fe__libcrux_ml_kem_vector_avx2_SIMD256Vector( a_minus_b, zeta_r); - return (( + return (CLITERAL( __libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_vector_avx2_SIMD256Vector){ .fst = a, .snd = b}); } @@ -3116,7 +3116,7 @@ deserialize_then_decompress_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_1( Eurydice_array_to_subslice( (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -3260,8 +3260,8 @@ compress_then_serialize_10__libcrux_ml_kem_vector_avx2_SIMD256Vector_320size_t( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3365,7 +3365,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960s re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)960U / (size_t)3U), .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3457,8 +3457,8 @@ compress_then_serialize_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3545,8 +3545,8 @@ compress_then_serialize_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficients, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, .end = (size_t)10U * i0 + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3645,8 +3645,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; @@ -3792,8 +3792,8 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_10( @@ -3878,8 +3878,8 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_11( @@ -3942,7 +3942,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_ size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), @@ -4037,8 +4037,8 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_4( @@ -4122,8 +4122,8 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_avx2_SIMD256Vector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i uu____0 = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_5( @@ -4159,8 +4159,8 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vect size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_core_arch_x86___m256i uu____0 = libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( @@ -4187,7 +4187,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4268,8 +4268,8 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4414,7 +4414,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4454,7 +4454,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1536U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4478,8 +4478,8 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1[4U]; @@ -4632,7 +4632,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -4641,7 +4641,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -4724,7 +4724,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -4733,7 +4733,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -4758,7 +4758,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -5158,7 +5158,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -5171,7 +5171,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -5180,7 +5180,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)3168U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5197,7 +5197,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -5211,7 +5211,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5265,7 +5265,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536 size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -5463,8 +5463,8 @@ compress_then_serialize_11__libcrux_ml_kem_vector_avx2_SIMD256Vector_352size_t( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -5506,7 +5506,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)1408U / (size_t)4U), .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5610,8 +5610,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; @@ -5735,7 +5735,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_ size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), @@ -5787,7 +5787,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -5965,7 +5965,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -6005,7 +6005,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)768U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -6029,8 +6029,8 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____1[2U]; @@ -6167,7 +6167,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6176,7 +6176,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6243,7 +6243,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6252,7 +6252,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6277,7 +6277,7 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_avx2_SIMD256Vector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6672,7 +6672,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -6685,7 +6685,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -6694,7 +6694,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)1632U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6711,7 +6711,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -6725,7 +6725,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6779,7 +6779,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768s size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -7021,7 +7021,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)640U / (size_t)2U), .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -7117,8 +7117,8 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____6 = v; @@ -7212,7 +7212,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_ size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), @@ -7253,7 +7253,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 5ae63072a..e4349f2b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c deleted file mode 100644 index 09fd7ca96..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ /dev/null @@ -1,7506 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void) { - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void) { - return libcrux_ml_kem_vector_neon_simd128ops_ZERO(); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array) { - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( - array, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( - array, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice))}); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(array); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_simd128ops_add(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_simd128ops_sub(lhs, rhs); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant(v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(v.high); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce(v); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - v, c); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_simd128ops_compress_1(v); -} - -inline int16_t -libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -inline core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int32x4_t uu____2 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t uu____3 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int64x2_t uu____2 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t uu____3 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step(a, zeta1, - zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int32x4_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - core_core_arch_arm_shared_neon_int32x4_t uu____2 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - core_core_arch_arm_shared_neon_int32x4_t uu____3 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - a, zeta1, zeta2, zeta3, zeta4); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int64x2_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - uu____0, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int64x2_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - uu____1, - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - core_core_arch_arm_shared_neon_int64x2_t uu____2 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - core_core_arch_arm_shared_neon_int64x2_t uu____3 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step(a, zeta1, - zeta2); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step(a, zeta); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int16x4_t uu____0 = - libcrux_intrinsics_arm64__vget_low_s16(a1b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - uu____0, libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____2 = - libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - uu____1, uu____2, libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int16x4_t uu____3 = - libcrux_intrinsics_arm64__vget_low_s16(a0); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - uu____3, libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; - core_core_arch_arm_shared_neon_int16x4_t uu____5 = - libcrux_intrinsics_arm64__vget_low_s16(a1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - uu____4, uu____5, libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){.low = low2, - .high = high2}); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - lhs, rhs, zeta1, zeta2, zeta3, zeta4); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[2U]) { - uint8_t ret0[2U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_1(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vandq_s16(low, one); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .low = uu____0, .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(a); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[8U]) { - uint8_t ret0[8U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_4(a, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v) { - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret); - uint64_t input = core_num__u64_9__from_le_bytes(ret); - int16_t low[8U] = {0U}; - int16_t high[8U] = {0U}; - low[0U] = (int16_t)(input & 15ULL); - low[1U] = (int16_t)(input >> 4U & 15ULL); - low[2U] = (int16_t)(input >> 8U & 15ULL); - low[3U] = (int16_t)(input >> 12U & 15ULL); - low[4U] = (int16_t)(input >> 16U & 15ULL); - low[5U] = (int16_t)(input >> 20U & 15ULL); - low[6U] = (int16_t)(input >> 24U & 15ULL); - low[7U] = (int16_t)(input >> 28U & 15ULL); - high[0U] = (int16_t)(input >> 32U & 15ULL); - high[1U] = (int16_t)(input >> 36U & 15ULL); - high[2U] = (int16_t)(input >> 40U & 15ULL); - high[3U] = (int16_t)(input >> 44U & 15ULL); - high[4U] = (int16_t)(input >> 48U & 15ULL); - high[5U] = (int16_t)(input >> 52U & 15ULL); - high[6U] = (int16_t)(input >> 56U & 15ULL); - high[7U] = (int16_t)(input >> 60U & 15ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(a); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice((size_t)16U, out, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice((size_t)16U, out, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[10U]) { - uint8_t res[10U] = {0U}; - int16_t out[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, out); - res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); - res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); - res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); - res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); - res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); - res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | - out[(size_t)8U + (size_t)1U] << 5U); - res[6U] = (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | - out[(size_t)8U + (size_t)2U] << 2U) | - out[(size_t)8U + (size_t)3U] << 7U); - res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | - out[(size_t)8U + (size_t)4U] << 4U); - res[8U] = (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | - out[(size_t)8U + (size_t)5U] << 1U) | - out[(size_t)8U + (size_t)6U] << 6U); - res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | - out[(size_t)8U + (size_t)7U] << 3U); - memcpy(ret, res, (size_t)10U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[10U]) { - uint8_t ret0[10U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_5(a, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v) { - uint8_t input0[8U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)8U, input0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)5U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - uint8_t uu____1[8U]; - memcpy(uu____1, input0, (size_t)8U * sizeof(uint8_t)); - uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); - uint8_t input1[8U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)8U, input1, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)5U, .end = (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input1, (size_t)8U * sizeof(uint8_t)); - uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); - int16_t low[8U] = {0U}; - int16_t high[8U] = {0U}; - low[0U] = (int16_t)(low64 & 31ULL); - low[1U] = (int16_t)(low64 >> 5U & 31ULL); - low[2U] = (int16_t)(low64 >> 10U & 31ULL); - low[3U] = (int16_t)(low64 >> 15U & 31ULL); - low[4U] = (int16_t)(low64 >> 20U & 31ULL); - low[5U] = (int16_t)(low64 >> 25U & 31ULL); - low[6U] = (int16_t)(low64 >> 30U & 31ULL); - low[7U] = (int16_t)(low64 >> 35U & 31ULL); - high[0U] = (int16_t)(high64 & 31ULL); - high[1U] = (int16_t)(high64 >> 5U & 31ULL); - high[2U] = (int16_t)(high64 >> 10U & 31ULL); - high[3U] = (int16_t)(high64 >> 15U & 31ULL); - high[4U] = (int16_t)(high64 >> 20U & 31ULL); - high[5U] = (int16_t)(high64 >> 25U & 31ULL); - high[6U] = (int16_t)(high64 >> 30U & 31ULL); - high[7U] = (int16_t)(high64 >> 35U & 31ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(a); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, result32, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice( - (size_t)32U, result32, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)20U, result, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)5U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)5U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice( - (size_t)20U, result, - ((core_ops_range_Range__size_t){.start = (size_t)5U, .end = (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)13U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)20U, result, - ((core_ops_range_Range__size_t){.start = (size_t)10U, - .end = (size_t)15U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)21U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)20U, result, - ((core_ops_range_Range__size_t){.start = (size_t)15U, - .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)29U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[20U]) { - uint8_t ret0[20U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_10(a, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v) { - uint8_t input0[8U] = {0U}; - uint8_t input1[8U] = {0U}; - uint8_t input2[4U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[4U]; - memcpy(uu____5, input2, (size_t)4U * sizeof(uint8_t)); - uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); - int16_t low[8U] = {0U}; - int16_t high[8U] = {0U}; - low[0U] = (int16_t)(input00 & 1023ULL); - low[1U] = (int16_t)(input00 >> 10U & 1023ULL); - low[2U] = (int16_t)(input00 >> 20U & 1023ULL); - low[3U] = (int16_t)(input00 >> 30U & 1023ULL); - low[4U] = (int16_t)(input00 >> 40U & 1023ULL); - low[5U] = (int16_t)(input00 >> 50U & 1023ULL); - low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); - low[7U] = (int16_t)(input10 >> 6U & 1023ULL); - high[0U] = (int16_t)(input10 >> 16U & 1023ULL); - high[1U] = (int16_t)(input10 >> 26U & 1023ULL); - high[2U] = (int16_t)(input10 >> 36U & 1023ULL); - high[3U] = (int16_t)(input10 >> 46U & 1023ULL); - high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); - high[5U] = (int16_t)(input20 >> 2U & 1023U); - high[6U] = (int16_t)(input20 >> 12U & 1023U); - high[7U] = (int16_t)(input20 >> 22U & 1023U); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(a); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[22U]) { - int16_t input[16U]; - libcrux_ml_kem_vector_neon_simd128ops_to_i16_array(v, input); - uint8_t result[22U] = {0U}; - result[0U] = (uint8_t)input[0U]; - result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); - result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); - result[3U] = (uint8_t)(input[2U] >> 2U); - result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); - result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); - result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); - result[7U] = (uint8_t)(input[5U] >> 1U); - result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); - result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); - result[10U] = (uint8_t)(input[7U] >> 3U); - result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; - result[(size_t)11U + (size_t)1U] = - (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | - input[(size_t)8U + (size_t)1U] << 3U); - result[(size_t)11U + (size_t)2U] = - (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | - input[(size_t)8U + (size_t)2U] << 6U); - result[(size_t)11U + (size_t)3U] = - (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); - result[(size_t)11U + (size_t)4U] = - (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | - input[(size_t)8U + (size_t)3U] << 1U); - result[(size_t)11U + (size_t)5U] = - (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | - input[(size_t)8U + (size_t)4U] << 4U); - result[(size_t)11U + (size_t)6U] = - (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | - input[(size_t)8U + (size_t)5U] << 7U); - result[(size_t)11U + (size_t)7U] = - (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); - result[(size_t)11U + (size_t)8U] = - (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | - input[(size_t)8U + (size_t)6U] << 2U); - result[(size_t)11U + (size_t)9U] = - (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | - input[(size_t)8U + (size_t)7U] << 5U); - result[(size_t)11U + (size_t)10U] = - (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[22U]) { - uint8_t ret0[22U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_11(a, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v) { - uint8_t input0[8U] = {0U}; - uint8_t input1[8U] = {0U}; - uint8_t input2[8U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)8U, input2, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)6U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - uint8_t uu____3[8U]; - memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); - uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); - uint8_t uu____4[8U]; - memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); - uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); - uint8_t uu____5[8U]; - memcpy(uu____5, input2, (size_t)8U * sizeof(uint8_t)); - uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); - int16_t low[8U] = {0U}; - int16_t high[8U] = {0U}; - low[0U] = (int16_t)(input00 & 2047ULL); - low[1U] = (int16_t)(input00 >> 11U & 2047ULL); - low[2U] = (int16_t)(input00 >> 22U & 2047ULL); - low[3U] = (int16_t)(input00 >> 33U & 2047ULL); - low[4U] = (int16_t)(input00 >> 44U & 2047ULL); - low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); - low[6U] = (int16_t)(input10 >> 2U & 2047ULL); - low[7U] = (int16_t)(input10 >> 13U & 2047ULL); - high[0U] = (int16_t)(input10 >> 24U & 2047ULL); - high[1U] = (int16_t)(input10 >> 35U & 2047ULL); - high[2U] = (int16_t)(input10 >> 46U & 2047ULL); - high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); - high[4U] = (int16_t)(input20 >> 4U & 2047ULL); - high[5U] = (int16_t)(input20 >> 15U & 2047ULL); - high[6U] = (int16_t)(input20 >> 26U & 2047ULL); - high[7U] = (int16_t)(input20 >> 37U & 2047ULL); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); - return lit; -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(a); -} - -inline void libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, result32, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice( - (size_t)32U, result32, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice( - (size_t)24U, result, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)6U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)6U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice( - (size_t)24U, result, - ((core_ops_range_Range__size_t){.start = (size_t)6U, .end = (size_t)12U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)14U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)24U, result, - ((core_ops_range_Range__size_t){.start = (size_t)12U, - .end = (size_t)18U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)24U, result, - ((core_ops_range_Range__size_t){.start = (size_t)18U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice((size_t)32U, result32, - ((core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)30U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[24U]) { - uint8_t ret0[24U]; - libcrux_ml_kem_vector_neon_simd128ops_serialize_12(a, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)16U, input0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)12U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)12U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice( - (size_t)16U, input1, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)12U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice(v, - ((core_ops_range_Range__size_t){ - .start = (size_t)12U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return ((libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){.low = low, - .high = high}); -} - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(a); -} - -inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option__Eurydice_slice_uint8_t uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( - &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - int16_t uu____8 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - uu____8; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self) { - return self[0U]; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - lit; - lit.coefficients[0U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[1U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[2U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[3U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[4U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[5U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[6U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[7U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[8U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[9U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[10U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[11U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[12U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[13U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[14U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - lit.coefficients[15U] = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(); - return lit; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -shift_right___15int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -shift_right___15int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return shift_right___15int32_t(v); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = - shift_right___15int32_t0(a); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fm = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - a, &fm); -} - -static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[3U], - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1152U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U], - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1184size_t_3size_t( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - shake128_state[2U]; -} Simd128Hash; - -static inline Simd128Hash shake128_init_absorb___3size_t( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uu____1, uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uu____3, uu____4, - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy( - lit.shake128_state, state, - (size_t)2U * - sizeof( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___3size_t( - Simd128Hash *self, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t extra[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = self->shake128_state; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____4 = &self->shake128_state[1U]; - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uu____0, uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uu____2, uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice_subslice( - a, - ((core_ops_range_Range__size_t){ - .start = i0 * (size_t)16U, - .end = (i0 + (size_t)1U) * (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - result.coefficients[i0] = uu____0; - } - return result; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block___3size_t(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [3U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[3U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t; - -static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t extra[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____2, uu____3, uu____4, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, extra, uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t uu____2 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t random_bits_as_u32 = - uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, - uint8_t, uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice( - randomness, - ((core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint32_t uu____0 = (uint32_t)Eurydice_slice_index( - byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); - uint32_t uu____1 = - uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, - uint8_t, uint8_t *, uint8_t) - << 8U; - uint32_t random_bits_as_u24 = - uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, - uint8_t, uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, - Eurydice_slice)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - randomness); - return uu____0; -} - -static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector snd; -} __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - v, fer); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector t = - montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - b, zeta_r); - b = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - a, &t); - a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - a, &t); - return (( - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, .snd = b}); -} - -static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - out = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - self->coefficients[j]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static K___uint8_t_1152size_t__uint8_t_1184size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___3size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)2400U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___3size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( - uu____1, - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___3size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -static inline __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - b, &a); - a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - a_minus_b, zeta_r); - return (( - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector){ - .fst = a, .snd = b}); -} - -static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - __libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R - [zeta_i[0U]]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - coefficient_normal_form, &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [3U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO(), - &v), - (int16_t)1665); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - decompress_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - self->coefficients[i0], &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - error_2, message, result); - return result; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___10int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___10int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return compress___10int32_t(v); -} - -static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___11int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___11int32_t0(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return compress___11int32_t(v); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_320size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[3U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)960U / (size_t)3U), - .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___4int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector compress___4int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return compress___4int32_t(v); -} - -static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - compress___4int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - core_core_arch_arm_shared_neon_uint32x4_t compressed2 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); - return compressed2; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compress___5int32_t(libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector compress___5int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return compress___5int32_t(v); -} - -static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients = - compress___5int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - coefficients, bytes); - Eurydice_slice uu____0 = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___3size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[3U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t___10int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t___10int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t___10int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t___10int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return decompress_ciphertext_coefficient___10int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient___10int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t___11int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t___11int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t___11int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t___11int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___11int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return decompress_ciphertext_coefficient___11int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient___11int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t___4int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t___4int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t___4int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t___4int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___4int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return decompress_ciphertext_coefficient___4int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - bytes); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient___4int32_t0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t___5int32_t(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t___5int32_t(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t___5int32_t(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t___5int32_t(high10); - core_core_arch_arm_shared_neon_int16x8_t uu____0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t uu____1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -static libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -decompress_ciphertext_coefficient___5int32_t0( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v) { - return decompress_ciphertext_coefficient___5int32_t(v); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - serialized); - return uu____0; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_normal_form = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - v, result); - return result; -} - -static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re.coefficients[i0]); - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient_compressed = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___3size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___3size_t_32size_t( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( - uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[4U], - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1536U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U], - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1568size_t_4size_t( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline Simd128Hash shake128_init_absorb___4size_t( - uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uu____1, uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = &state[1U]; - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uu____3, uu____4, - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy( - lit.shake128_state, state, - (size_t)2U * - sizeof( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___4size_t( - Simd128Hash *self, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____3 = self->shake128_state; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____5 = &self->shake128_state[1U]; - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uu____0, uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &self->shake128_state[1U]; - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uu____2, uu____3, - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____7[168U]; - memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block___4size_t(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [4U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[4U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t; - -static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____3, uu____4, uu____5, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____6, uu____7, uu____8, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static K___uint8_t_1536size_t__uint8_t_1568size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___4size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uu____3, domain_separator) - .fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)3168U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___4size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( - uu____1, - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___4size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [4U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - error_2, message, result); - return result; -} - -static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficient = - compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re, - uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_352size_t( - re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[4U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)1408U / (size_t)4U), - .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t_352size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re, - Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - re, out); -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___4size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[4U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t_160size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___4size_t( - Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - serialized); - return uu____0; -} - -static inline void -ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(&zeta_i, - re); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_11size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - serialized); - return uu____0; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_11size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_5size_t( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___4size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___4size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___4size_t_32size_t( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( - uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - key[2U], - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)768U, out, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = (i0 + (size_t)1U) * - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -static inline void -serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U], - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - uu____1, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_800size_t_2size_t( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static void -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline Simd128Hash shake128_init_absorb___2size_t( - uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = state; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - uu____1, uu____2, - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy( - lit.shake128_state, state, - (size_t)2U * - sizeof( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); - return lit; -} - -static inline void shake128_squeeze_three_blocks___2size_t( - Simd128Hash *self, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____1 = self->shake128_state; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = self->shake128_state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - uu____0, uu____1, - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____2[168U]; - memcpy(uu____2, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ - .start = r * (size_t)24U, - .end = r * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - size_t sampled = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - uu____0, - Eurydice_array_to_subslice( - (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ - .start = sampled_coefficients[i1], - .end = sampled_coefficients[i1] + (size_t)16U}), - int16_t, core_ops_range_Range__size_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( - int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)256U}), - int16_t, core_ops_range_Range__size_t, - Eurydice_slice)); -} - -static inline void -sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_504size_t( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block___2size_t(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_168size_t( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret0[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( - uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - uu____1, sampled); - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy( - ret, A_transpose, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [2U])); -} - -typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - fst[2U]; - uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t; - -static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], - Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____1, uu____2, uu____3, - Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], - uint8_t(*)[192U], uint8_t[192U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0; - uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - randomness); - return uu____0; -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_3size_t( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void -add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - self->coefficients[i0], &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -static inline void -compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = matrix_A[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result[i1], &product); - } - add_standard_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static K___uint8_t_768size_t__uint8_t_800size_t_ -generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G___2size_t(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uu____3, domain_separator) - .fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy( - uu____5, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + - core_slice___Slice_T___len(private_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + - core_slice___Slice_T___len(public_key, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)1632U, out, - ((core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret0[32U]; - H___2size_t(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len( - implicit_rejection_value, uint8_t, size_t)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( - (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = - generate_keypair__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( - ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( - uu____1, - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____1, uu____2, uu____3, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - lit.snd = domain_separator; - return lit; -} - -static inline void PRF___2size_t_128size_t(Eurydice_slice input, - uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(re); -} - -static inline void -compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector ( - *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for ( - size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - [2U], - size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *row = a_as_ntt[i1]; - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result[i1], &product); - } - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result); - result = - add_message_error_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - error_2, message, result); - return result; -} - -static void -compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - input[2U], - Eurydice_slice out) { - for ( - size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector, - size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice( - out, - ((core_ops_range_Range__size_t){ - .start = i0 * ((size_t)640U / (size_t)2U), - .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t_320size_t( - &re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -static void -encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - ret0, false, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( - uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t__uint8_t - uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF___2size_t_128size_t( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u[2U]; - compute_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = compute_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); - compress_then_serialize_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( - uu____5, Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t_128size_t( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___2size_t( - Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = - libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( - uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice( - (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ - .start = - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_10size_t( - &u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - ((core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - result = ZERO__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector(); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - product = - ntt_multiply__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &result); - result = subtract_reduce__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - v, result); - return result; -} - -static void -decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_4size_t( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector - message = - compute_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector( - message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0 = input; - Eurydice_slice uu____1 = input; - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); - libcrux_sha3_neon_x2_shake256( - uu____0, uu____1, uu____2, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, - libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, - uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G___2size_t( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext), - uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF___2size_t_32size_t( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - uu____5, uu____6, pseudorandomness, expected_ciphertext); - Eurydice_slice uu____7 = - libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( - ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( - uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, - uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h deleted file mode 100644 index 172520803..000000000 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ /dev/null @@ -1,301 +0,0 @@ -/* - This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL - version: 40e3a603 - */ - -#ifndef __libcrux_mlkem_neon_H -#define __libcrux_mlkem_neon_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" -#include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" -#include "libcrux_sha3_neon.h" - -typedef struct libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ZERO(void); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ZERO( - void); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_from_i16_array(Eurydice_slice array); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___from_i16_array( - Eurydice_slice array); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___add( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___sub( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___cond_subtract_3329( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_SIMD128OPS_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___barrett_reduce( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___compress_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_simd128ops_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_simd128ops_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t zeta); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___ntt_multiply( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[2U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_1( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_1(Eurydice_slice a); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_1( - Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[8U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_4( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_4(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_4( - Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_simd128ops_to_i16_array( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, int16_t ret[16U]); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[10U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_5( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_5(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_5( - Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[20U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_10( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_10(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_10( - Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[22U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_11( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_11(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_11( - Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_simd128ops_serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector v, uint8_t ret[24U]); - -void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___serialize_12( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops_deserialize_12(Eurydice_slice v); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___deserialize_12( - Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -size_t -libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___rej_sample( - Eurydice_slice a, Eurydice_slice out); - -libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector -libcrux_ml_kem_vector_neon_simd128ops___core__clone__Clone_for_libcrux_ml_kem__vector__neon__simd128ops__SIMD128Vector___clone( - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector *self); - -typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector_s { - libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_simd128ops_SIMD128Vector; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem_neon_H_DEFINED -#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 30688d413..eeba8ebb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_mlkem_portable.h" @@ -595,7 +595,7 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice(array, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -691,7 +691,7 @@ libcrux_ml_kem_vector_cond_subtract_3329( libcrux_ml_kem_vector_portable_PortableVector v) { core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); @@ -1180,7 +1180,7 @@ inline K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( uu____0 + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element( (int32_t)a1 * (int32_t)b1) * (int32_t)zeta); - return ((K___int16_t_int16_t){ + return (CLITERAL(K___int16_t_int16_t){ .fst = uu____1, .snd = libcrux_ml_kem_vector_montgomery_reduce_element( (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); @@ -2237,8 +2237,8 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector coefficient = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( @@ -2268,7 +2268,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -2329,8 +2329,8 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVect coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)384U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)24U * i0, - .end = (size_t)24U * i0 + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, .end = (size_t)24U * i0 + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -2362,7 +2362,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1536U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -2386,8 +2386,8 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1568U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1536U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____1[4U]; @@ -2515,7 +2515,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2524,7 +2524,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -2569,7 +2569,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2578,7 +2578,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -2610,7 +2610,7 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( Eurydice_slice_subslice( a, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)16U, .end = (i0 + (size_t)1U) * (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -2624,7 +2624,7 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -2761,7 +2761,7 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVect size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice( randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, .end = chunk_number * (size_t)4U + (size_t)4U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2809,7 +2809,7 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVect size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice( randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, .end = chunk_number * (size_t)3U + (size_t)3U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -2900,7 +2900,7 @@ ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( a, &t); a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( a, &t); - return (( + return (CLITERAL( __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ .fst = a, .snd = b}); } @@ -3307,7 +3307,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -3320,7 +3320,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -3329,7 +3329,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)3168U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3346,7 +3346,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)3168U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -3360,7 +3360,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3414,7 +3414,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -3551,7 +3551,7 @@ inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector a, &b)); b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( a_minus_b, zeta_r); - return (( + return (CLITERAL( __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ .fst = a, .snd = b}); } @@ -3714,7 +3714,7 @@ deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVect libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( Eurydice_array_to_subslice( (size_t)32U, serialized, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -3832,8 +3832,8 @@ compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352siz coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)352U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)22U * i0, - .end = (size_t)22U * i0 + (size_t)22U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3875,7 +3875,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)1408U / (size_t)4U), .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -3923,8 +3923,8 @@ compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3967,8 +3967,8 @@ compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( coefficients, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = (size_t)10U * i0, - .end = (size_t)10U * i0 + (size_t)10U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, .end = (size_t)10U * i0 + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4068,8 +4068,8 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1408U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____6 = v; @@ -4175,8 +4175,8 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)20U, - .end = i0 * (size_t)20U + (size_t)20U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector coefficient = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( @@ -4221,8 +4221,8 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)22U, - .end = i0 * (size_t)22U + (size_t)22U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector coefficient = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( @@ -4285,7 +4285,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4si size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)1568U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U), @@ -4341,8 +4341,8 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)8U, - .end = i0 * (size_t)8U + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector coefficient = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( @@ -4387,8 +4387,8 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)10U, - .end = i0 * (size_t)10U + (size_t)10U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector uu____0 = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( @@ -4424,8 +4424,8 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( serialized, - ((core_ops_range_Range__size_t){.start = i0 * (size_t)24U, - .end = i0 * (size_t)24U + (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_vector_portable_PortableVector uu____0 = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( @@ -4452,7 +4452,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4534,8 +4534,8 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)32U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4681,7 +4681,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4721,7 +4721,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1152U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -4745,8 +4745,8 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1184U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)1152U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____1[3U]; @@ -4874,7 +4874,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -4883,7 +4883,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -4928,7 +4928,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -4937,7 +4937,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -4962,7 +4962,7 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -5319,7 +5319,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -5332,7 +5332,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -5341,7 +5341,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)2400U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5358,7 +5358,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)2400U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -5372,7 +5372,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5426,7 +5426,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -5629,8 +5629,8 @@ compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320siz coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)320U, serialized, - ((core_ops_range_Range__size_t){.start = (size_t)20U * i0, - .end = (size_t)20U * i0 + (size_t)20U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, @@ -5672,7 +5672,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)960U / (size_t)3U), .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -5777,8 +5777,8 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)960U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____6 = v; @@ -5902,7 +5902,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3si size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)1088U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), @@ -5954,7 +5954,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -6132,7 +6132,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -6172,7 +6172,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)768U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -6196,8 +6196,8 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)800U, public_key_serialized, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)768U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____1[2U]; @@ -6325,7 +6325,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)504U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6334,7 +6334,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6379,7 +6379,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)168U, randomness[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = r * (size_t)24U, .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6388,7 +6388,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = sampled_coefficients[i1], .end = sampled_coefficients[i1] + (size_t)16U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6413,7 +6413,7 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct int16_t s[272U]) { return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), int16_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -6781,7 +6781,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), @@ -6794,7 +6794,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____3, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____4, .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), @@ -6803,7 +6803,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)1632U, out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = pointer, .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6820,7 +6820,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice( (size_t)1632U, uu____7, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = uu____8, .end = uu____9 + core_slice___Slice_T___len( implicit_rejection_value, uint8_t, size_t)}), @@ -6834,7 +6834,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -6888,7 +6888,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice( public_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), @@ -7107,7 +7107,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * ((size_t)640U / (size_t)2U), .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); @@ -7203,8 +7203,8 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)640U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____6 = v; @@ -7298,7 +7298,7 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice( (size_t)768U, ciphertext, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), @@ -7339,7 +7339,7 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( size_t i0 = i; Eurydice_slice secret_bytes = Eurydice_slice_subslice( secret_key, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 078c0cbd3..02b989972 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 87bfd1a1a..36ca19e89 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 49e0302b8..456891376 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #include "internal/libcrux_sha3_avx2.h" @@ -88,23 +88,27 @@ static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { Eurydice_slice uu____0 = Eurydice_slice_subslice( a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); Eurydice_slice uu____1 = Eurydice_slice_subslice( a[1U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); Eurydice_slice uu____2 = Eurydice_slice_subslice( a[2U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); ret[0U] = uu____0; ret[1U] = uu____1; ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice( - a[3U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[3U] = Eurydice_slice_subslice(a[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); } static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, @@ -202,28 +206,28 @@ static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], core_core_arch_x86___m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -278,50 +282,52 @@ static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____5, Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____7, Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -338,54 +344,54 @@ static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____9 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____9, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____10 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____10, Eurydice_slice_subslice( blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____11 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____11, Eurydice_slice_subslice( blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____12 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____12, Eurydice_slice_subslice( blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); core_core_arch_x86___m256i u0 = @@ -1103,8 +1109,8 @@ absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); @@ -1162,7 +1168,7 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1170,7 +1176,7 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1178,7 +1184,7 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1186,7 +1192,7 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1203,52 +1209,52 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); Eurydice_slice uu____1 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____1, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice( out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice( out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____3, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____4 = Eurydice_slice_subslice( out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -1264,54 +1270,54 @@ static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); Eurydice_slice uu____6 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_slice_subslice( out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____7, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____8 = Eurydice_slice_subslice( out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____8, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____9 = Eurydice_slice_subslice( out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____9, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); } @@ -1461,8 +1467,8 @@ keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -1507,28 +1513,28 @@ static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], core_core_arch_x86___m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); core_core_arch_x86___m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( blocks[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); @@ -1583,50 +1589,52 @@ static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, Eurydice_slice_subslice(blocks[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)8U, .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____5, Eurydice_slice_subslice(blocks[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_slice_subslice(blocks[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice( (size_t)32U, u8s, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____7, Eurydice_slice_subslice(blocks[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = start, .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -1643,54 +1651,54 @@ static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____9 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____9, Eurydice_slice_subslice( blocks[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____10 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____10, Eurydice_slice_subslice( blocks[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____11 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____11, Eurydice_slice_subslice( blocks[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____12 = Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____12, Eurydice_slice_subslice( blocks[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); core_core_arch_x86___m256i u0 = @@ -1740,8 +1748,8 @@ libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168 KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, void *); @@ -1809,7 +1817,7 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1817,7 +1825,7 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1825,7 +1833,7 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[2U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1833,7 +1841,7 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice(out[3U], - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)32U * i0, .end = (size_t)32U * (i0 + (size_t)1U)}), uint8_t, core_ops_range_Range__size_t, @@ -1850,52 +1858,52 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); Eurydice_slice uu____1 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____1, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice( out[1U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____2, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)8U, .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice( out[2U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____3, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)16U, .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____4 = Eurydice_slice_subslice( out[3U], - ((core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____4, Eurydice_array_to_subslice((size_t)32U, u8s, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)24U, .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), @@ -1911,54 +1919,54 @@ static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); Eurydice_slice uu____6 = Eurydice_slice_subslice( out[0U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_subslice((size_t)32U, u8s0, - ((core_ops_range_Range__size_t){ + (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_slice_subslice( out[1U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____7, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____8 = Eurydice_slice_subslice( out[2U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____8, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____9 = Eurydice_slice_subslice( out[3U], - ((core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____9, Eurydice_array_to_subslice( (size_t)32U, u8s0, - ((core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice), uint8_t, void *); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2f9e86a7b..28d49028b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 360486d5e..ec88e43b6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 40e3a603 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 40e3a603 */ #ifndef __libcrux_sha3_internal_H @@ -110,10 +110,11 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 static inline void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = Eurydice_slice_subslice(a[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); } static inline void @@ -895,7 +896,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; @@ -916,8 +918,8 @@ static inline void libcrux_sha3_portable_keccak_store_block___168size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); @@ -1087,7 +1089,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -1193,7 +1195,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -1214,8 +1217,8 @@ static inline void libcrux_sha3_portable_keccak_store_block___104size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); @@ -1364,7 +1367,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -1470,7 +1473,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -1491,8 +1495,8 @@ static inline void libcrux_sha3_portable_keccak_store_block___144size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); @@ -1641,7 +1645,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -1747,7 +1751,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 31U; @@ -1768,8 +1773,8 @@ static inline void libcrux_sha3_portable_keccak_store_block___136size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); @@ -1918,7 +1923,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -1963,7 +1968,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -2026,7 +2032,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( @@ -2132,7 +2138,8 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)200U, blocks[i], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = last_len}), + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = last_len}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); blocks[i][last_len] = 6U; @@ -2153,8 +2160,8 @@ static inline void libcrux_sha3_portable_keccak_store_block___72size_t( size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice( out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U * i0, - .end = (size_t)8U * i0 + (size_t)8U}), + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); @@ -2303,7 +2310,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), + .end = blocks}), core_ops_range_Range__size_t, core_ops_range_Range__size_t); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8d215805c..b9aa5c77b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 40e3a603 */ @@ -9,2877 +9,179 @@ #include "internal/libcrux_core.h" -static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = Eurydice_slice_subslice( - a[1U], - ((core_ops_range_Range__size_t){.start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_n(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t -new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, - .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, - .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_arm_shared_neon_uint64x2_t uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_arm_shared_neon_uint64x2_t uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_arm_shared_neon_uint64x2_t uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_arm_shared_neon_uint64x2_t uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_arm_shared_neon_uint64x2_t uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( - i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - size_t i) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void -keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); - } -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___72size_t(uu____0, buf); -} - -static inline void load_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, - .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = (size_t)72U - (size_t)8U, - .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___72size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___72size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___72size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___72size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - s, o1); - } - } -} - -static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___72size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, - .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, - .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, - .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = (size_t)136U - (size_t)8U, - .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } -} - -static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___136size_t_6uint8_t(uu____0, buf); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } -} - -static inline void keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2___136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); -} - -static inline void load_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, - .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, - .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, - .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = (size_t)168U - (size_t)8U, - .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___168size_t0(s->st, out); -} - -static inline void -squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o0); - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o1); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void load_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, - .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, - .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___144size_t(uu____0, buf); -} - -static inline void load_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, - .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = (size_t)144U - (size_t)8U, - .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___144size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___144size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___144size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___144size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - s, o1); - } - } -} - -static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____0, out); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___144size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, - .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, - .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___104size_t(uu____0, buf); -} - -static inline void load_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - ((core_ops_range_Range__size_t){.start = (size_t)0U, - .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - ((core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, - .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - ((core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - ((core_ops_range_Range__size_t){.start = (size_t)104U - (size_t)8U, - .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - ((core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___104size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___104size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___104size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___104size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - ((core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - s, o1); - } - } -} - -static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____0, out); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___104size_t_6uint8_t(uu____0, buf); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0e8477b26..0861469fa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,7 +1,7 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: b5cb71b8 KaRaMeL + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL version: 40e3a603 */ @@ -17,11 +17,6 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -29,23 +24,24 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, Eurydice_slice data1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); From 48db367dd187e04f6ba06e9572951cec3275b895 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Mon, 10 Jun 2024 10:38:10 -0700 Subject: [PATCH 46/74] Regenerate the code with a fresh code-gen change to deal with an MSVC oddity --- libcrux-ml-kem/c/internal/libcrux_core.h | 4 ++-- libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 32 files changed, 33 insertions(+), 33 deletions(-) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 5ca28c79c..6245ba78c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __internal_libcrux_core_H @@ -16,7 +16,7 @@ extern "C" { #include "eurydice_glue.h" extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( - core_fmt_rt_Argument x0[0U]); + core_fmt_rt_Argument *x0); extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( Eurydice_slice x0, Eurydice_slice x1); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index fcda100f7..58155643c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 4fa834a92..b7caa27e1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 405e13161..05fe23ee6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 32b53c527..22e02bd6d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 518634a6f..3f65bcf58 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 6d6e8dcac..62ceebc2c 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 1399bdf00..9fcadba75 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index e42d25b96..bef973b2c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 22172d3c4..7c71dabe4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 66d7f407e..f96a815a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 5f38c1f52..83fc5be46 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 8cdf081a1..80d9dd3f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index c5d115c11..db169fa82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 28682ce54..ec92a98ea 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 2c66e4f9e..4d79fb75e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index ec949dc4d..fea44f677 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 19cf733d3..1ee6f610a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 79ab93993..4a14c563e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 2354c986e..0d5024551 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 8bac4c0fe..00b723c9f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2e8dd612b..17f457d06 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a4c6c077c..ac52e4bbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e4349f2b1..01d55d083 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index eeba8ebb1..def6d0fb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 02b989972..f9c6b1bc5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 36ca19e89..189a64804 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 456891376..e8210950d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 28d49028b..bc53c956a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index ec88e43b6..6511292a8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b9aa5c77b..9e9a598e9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0861469fa..6a3cf4a83 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 40e3a603 + version: 6bb7cd3e */ #ifndef __libcrux_sha3_neon_H From 3b31006037373a79c6b87de0b4bf00d5fd84e74c Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Mon, 10 Jun 2024 14:44:59 -0700 Subject: [PATCH 47/74] Code quality improvement: leverage extraction of type aliases (thanks @nadrieril) to place monomorphized definitions in utils.rs, which is hella more convenient than listing them manually via the config --- libcrux-ml-kem/c.yaml | 13 +--- libcrux-ml-kem/c/internal/libcrux_core.h | 54 ++++++++--------- libcrux-ml-kem/c/libcrux_core.c | 24 ++++---- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 72 +++++++++++------------ libcrux-ml-kem/c/libcrux_mlkem_portable.c | 72 +++++++++++------------ libcrux-ml-kem/src/ind_cca.rs | 3 +- libcrux-ml-kem/src/ind_cpa.rs | 10 +--- libcrux-ml-kem/src/lib.rs | 1 + libcrux-ml-kem/src/utils.rs | 25 ++++++++ 9 files changed, 143 insertions(+), 131 deletions(-) create mode 100644 libcrux-ml-kem/src/utils.rs diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 205d9ea99..4dbc5b102 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -63,6 +63,7 @@ files: monomorphizations_using: # Should this also include the monomorphizations using # core.arch.x86.__m256i? + - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - [libcrux_sha3, generic_keccak, "KeccakState__core_core_arch_x86___m256i_$4size_t"] @@ -157,24 +158,16 @@ files: - [ core, "*"] - [ libcrux_ml_kem, types, "*"] - [ libcrux_ml_kem, constant_time_ops, "*"] + - [ libcrux_ml_kem, utils ] monomorphizations_using: - [ Eurydice, "*" ] - [ libcrux_ml_kem, types, "*"] - monomorphizations_exact: - - [ K, "__uint8_t[1536size_t]_uint8_t[1568size_t]" ] - - [ K, "__uint8_t[1152size_t]_uint8_t[1184size_t]" ] - - [ K, "__uint8_t[768size_t]_uint8_t[800size_t]" ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___33size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___34size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___64size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___800size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1120size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1600size_t ] patterns: - [ core, "*"] - [ libcrux_ml_kem, types ] - [ libcrux_ml_kem, constants ] - [ libcrux_ml_kem, constant_time_ops, "*"] + - [ libcrux_ml_kem, utils ] api: - [Eurydice, "*"] diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6245ba78c..63c1e03ed 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -44,6 +44,21 @@ void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) +typedef struct libcrux_ml_kem_utils_Keypair1024_s { + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} libcrux_ml_kem_utils_Keypair1024; + +typedef struct libcrux_ml_kem_utils_Keypair512_s { + uint8_t fst[768U]; + uint8_t snd[800U]; +} libcrux_ml_kem_utils_Keypair512; + +typedef struct libcrux_ml_kem_utils_Keypair768_s { + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} libcrux_ml_kem_utils_Keypair768; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uint8_t value[1568U]); @@ -57,11 +72,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( uint8_t value[3168U]); -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} K___uint8_t_1536size_t__uint8_t_1568size_t_; - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uint8_t value[1568U]); @@ -78,8 +88,8 @@ Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]); libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( @@ -94,11 +104,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____2400size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( uint8_t value[2400U]); -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} K___uint8_t_1152size_t__uint8_t_1184size_t_; - libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uint8_t value[1088U]); @@ -115,8 +120,8 @@ Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( @@ -131,11 +136,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( uint8_t value[1632U]); -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { - uint8_t fst[768U]; - uint8_t snd[800U]; -} K___uint8_t_768size_t__uint8_t_800size_t_; - libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( uint8_t value[768U]); @@ -160,11 +160,11 @@ typedef struct Eurydice_slice snd; } K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]); +void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]); -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]); +void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]); typedef struct K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { @@ -182,11 +182,11 @@ Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]); -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]); +void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]); typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 3f65bcf58..cbcc3017b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -102,8 +102,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]) { +void libcrux_ml_kem_utils_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -183,8 +183,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]) { +void libcrux_ml_kem_utils_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -257,8 +257,8 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_ return is_non_zero(r); } -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]) { +void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -272,8 +272,8 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]) { +void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -294,8 +294,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]) { +void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -309,8 +309,8 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]) { +void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ac52e4bbb..a9e1357cc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -2612,7 +2612,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ +static libcrux_ml_kem_utils_Keypair768 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -2627,12 +2627,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t @@ -2687,7 +2687,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + libcrux_ml_kem_utils_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -2774,7 +2774,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -3578,11 +3578,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t @@ -3662,7 +3662,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4340,7 +4340,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4360,8 +4360,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -5057,7 +5057,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ +static libcrux_ml_kem_utils_Keypair1024 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5072,12 +5072,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t @@ -5132,7 +5132,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + libcrux_ml_kem_utils_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -5219,7 +5219,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5543,11 +5543,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t @@ -5627,7 +5627,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5891,7 +5891,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5911,8 +5911,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -6571,7 +6571,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_768size_t__uint8_t_800size_t_ +static libcrux_ml_kem_utils_Keypair512 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6586,12 +6586,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t @@ -6646,7 +6646,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; + libcrux_ml_kem_utils_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6733,7 +6733,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7050,11 +7050,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t @@ -7134,7 +7134,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7357,7 +7357,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7377,8 +7377,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index def6d0fb7..c56a9bb7b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -3206,7 +3206,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ +static libcrux_ml_kem_utils_Keypair1024 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -3221,12 +3221,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t @@ -3281,7 +3281,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + libcrux_ml_kem_utils_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -3368,7 +3368,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -4001,11 +4001,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t @@ -4085,7 +4085,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4607,7 +4607,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4627,8 +4627,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -5218,7 +5218,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ +static libcrux_ml_kem_utils_Keypair768 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5233,12 +5233,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t @@ -5293,7 +5293,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + libcrux_ml_kem_utils_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -5380,7 +5380,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5710,11 +5710,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t @@ -5794,7 +5794,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6058,7 +6058,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6078,8 +6078,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -6680,7 +6680,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_768size_t__uint8_t_800size_t_ +static libcrux_ml_kem_utils_Keypair512 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6695,12 +6695,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t @@ -6755,7 +6755,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; + libcrux_ml_kem_utils_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6842,7 +6842,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + libcrux_ml_kem_utils_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7136,11 +7136,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t @@ -7220,7 +7220,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7444,7 +7444,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7464,8 +7464,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 3c67ef508..ff2f8c759 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -4,7 +4,8 @@ use crate::{ }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, - ind_cpa::{into_padded_array, serialize_public_key}, + utils::into_padded_array, + ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, vector::Operations, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 5014f06da..195ecd43c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -14,17 +14,9 @@ use crate::{ serialize_uncompressed_ring_element, }, vector::Operations, + utils::into_padded_array, }; -/// Pad the `slice` with `0`s at the end. -#[inline(always)] -pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { - debug_assert!(slice.len() <= LEN); - let mut out = [0u8; LEN]; - out[0..slice.len()].copy_from_slice(slice); - out -} - /// Concatenate `t` and `ρ` into the public key. #[inline(always)] pub(crate) fn serialize_public_key< diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index e0687c7f8..2a431fdb5 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -57,6 +57,7 @@ pub(crate) mod constants; /// Helpers for verification and extraction mod helper; +mod utils; mod constant_time_ops; mod hash_functions; diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs new file mode 100644 index 000000000..ea5e4734f --- /dev/null +++ b/libcrux-ml-kem/src/utils.rs @@ -0,0 +1,25 @@ +// A couple helper functions and definitions -- this file ends up being bundled in +// libcrux_core.{c,h}, so if you need something that has to be shared across multiple mlkem +// instances / implementations, it can go in here. + +/// Pad the `slice` with `0`s at the end. +#[inline(always)] +pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { + debug_assert!(slice.len() <= LEN); + let mut out = [0u8; LEN]; + out[0..slice.len()].copy_from_slice(slice); + out +} + +// Without these type abbreviations, the monomorphized definitions end up being inserted at the +// first location that they are used, which might be, e.g., the avx2 impl of mlkem512, resulting in +// the portable impl of mlkem512 including the header for the avx2 impl of mlkem512 to have this +// type definition in scope! +// +// To avoid that, we manually place those definitions in this file, which ends up in a shared +// header. +// +// TODO: use proper constants +type Keypair512 = ([u8; 768], [u8;800]); +type Keypair768 = ([u8; 1152], [u8;1184]); +type Keypair1024 = ([u8; 1536], [u8;1568]); From 496e7bfc2245c4d84263fb95f79e7c023673699b Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 11 Jun 2024 10:43:47 +0200 Subject: [PATCH 48/74] fixups --- .github/workflows/c.yml | 7 ++++--- libcrux-ml-kem/c.sh | 12 ++++++++++++ libcrux-ml-kem/c.yaml | 8 ++------ libcrux-ml-kem/c/CMakeLists.txt | 2 +- libcrux-ml-kem/c/README.md | 2 ++ libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/mlkem1024.rs | 4 ++-- libcrux-ml-kem/src/mlkem512.rs | 4 ++-- libcrux-ml-kem/src/mlkem768.rs | 2 +- libcrux-ml-kem/src/utils.rs | 16 ++++++++++++---- 11 files changed, 40 insertions(+), 21 deletions(-) diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index b70951dfb..384e13a30 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -50,9 +50,10 @@ jobs: cmake -B build -DCMAKE_BUILD_TYPE=Release cmake --build build --config Release - - name: 🏃🏻‍♀️ Benchmark - run: ./build/Release/ml_kem_bench - if: ${{ matrix.os == 'windows-latest' }} + # FIXME: Benchmarks on Windows CI are not working right now. + # - name: 🏃🏻‍♀️ Benchmark + # run: ./build/Release/ml_kem_bench + # if: ${{ matrix.os == 'windows-latest' }} - name: 🏃🏻‍♀️ Benchmark run: ./build/ml_kem_bench diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 7edb43093..11488924c 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -68,3 +68,15 @@ cp $EURYDICE_HOME/include/eurydice_glue.h . clang-format --style=Google -i *.c *.h clang-format --style=Google -i internal/*.h clang-format --style=Google -i intrinsics/*.h + +# Write out infos about the used tools +rm -f code_gen.txt +echo "This code was generated with the following tools:" >> code_gen.txt +echo -n "Charon: " >> code_gen.txt +git -C $CHARON_HOME rev-parse HEAD >> code_gen.txt +echo -n "Eurydice: " >> code_gen.txt +git -C $EURYDICE_HOME rev-parse HEAD >> code_gen.txt +echo -n "Karamel: " >> code_gen.txt +git -C $KRML_HOME rev-parse HEAD >> code_gen.txt +echo -n "F*: " >> code_gen.txt +git -C $FSTAR_HOME rev-parse HEAD >> code_gen.txt diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 4dbc5b102..e6b1e9bb3 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -13,10 +13,6 @@ files: api: - [libcrux_intrinsics, avx2] - - name: libcrux_platform - private: - - [libcrux_platform, "*"] - # SHA3 (no mention of libcrux_mlkem in this section, please) # Keep the per-target seperation idea: each SHA3 variant in its own file @@ -158,7 +154,7 @@ files: - [ core, "*"] - [ libcrux_ml_kem, types, "*"] - [ libcrux_ml_kem, constant_time_ops, "*"] - - [ libcrux_ml_kem, utils ] + - [ libcrux_ml_kem, utils, "*" ] monomorphizations_using: - [ Eurydice, "*" ] - [ libcrux_ml_kem, types, "*"] @@ -167,7 +163,7 @@ files: - [ libcrux_ml_kem, types ] - [ libcrux_ml_kem, constants ] - [ libcrux_ml_kem, constant_time_ops, "*"] - - [ libcrux_ml_kem, utils ] + - [ libcrux_ml_kem, utils, "*" ] api: - [Eurydice, "*"] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index f74d91c71..89c427918 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -88,7 +88,7 @@ if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64") endif() # This is only for local testing and we assume neon on arm64. -if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8" AND DEFINED $ENV{LIBCRUX_NEON}) +if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|arm64v8" AND DEFINED ENV{LIBCRUX_NEON}) message(STATUS "Detected an arm64 architecture") add_compile_definitions(LIBCRUX_AARCH64) diff --git a/libcrux-ml-kem/c/README.md b/libcrux-ml-kem/c/README.md index 9652f89c6..3997bb316 100644 --- a/libcrux-ml-kem/c/README.md +++ b/libcrux-ml-kem/c/README.md @@ -17,6 +17,8 @@ cmake -B build -G "Ninja Multi-Config" cmake --build build ``` +To enable neon builds, set `LIBCRUX_NEON=1`. + ### Test ```bash diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ff2f8c759..719f009b9 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -4,10 +4,10 @@ use crate::{ }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, - utils::into_padded_array, ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, + utils::into_padded_array, vector::Operations, }; diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 195ecd43c..dbe59a37c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -13,8 +13,8 @@ use crate::{ deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element, serialize_uncompressed_ring_element, }, - vector::Operations, utils::into_padded_array, + vector::Operations, }; /// Concatenate `t` and `ρ` into the public key. diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 79fb38507..2a1a28a3a 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -21,9 +21,9 @@ const VECTOR_V_COMPRESSION_FACTOR_1024: usize = 5; const C2_SIZE_1024: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_1024) / 8; const CPA_PKE_SECRET_KEY_SIZE_1024: usize = (RANK_1024 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_1024: usize = T_AS_NTT_ENCODED_SIZE_1024 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_1024: usize = T_AS_NTT_ENCODED_SIZE_1024 + 32; const CPA_PKE_CIPHERTEXT_SIZE_1024: usize = C1_SIZE_1024 + C2_SIZE_1024; -const SECRET_KEY_SIZE_1024: usize = CPA_PKE_SECRET_KEY_SIZE_1024 +pub(crate) const SECRET_KEY_SIZE_1024: usize = CPA_PKE_SECRET_KEY_SIZE_1024 + CPA_PKE_PUBLIC_KEY_SIZE_1024 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index caf50dda5..f457e551a 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -21,9 +21,9 @@ const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4; const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8; const CPA_PKE_SECRET_KEY_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512; -const SECRET_KEY_SIZE_512: usize = +pub(crate) const SECRET_KEY_SIZE_512: usize = CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; const ETA1: usize = 3; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 3bd9333f4..a7030cb0c 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -21,7 +21,7 @@ const VECTOR_V_COMPRESSION_FACTOR_768: usize = 4; const C2_SIZE_768: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_768) / 8; const CPA_PKE_SECRET_KEY_SIZE_768: usize = (RANK_768 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_768: usize = T_AS_NTT_ENCODED_SIZE_768 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_768: usize = T_AS_NTT_ENCODED_SIZE_768 + 32; // These two are used in the hybrid kem. This could probably be improved. pub(crate) const CPA_PKE_CIPHERTEXT_SIZE_768: usize = C1_SIZE_768 + C2_SIZE_768; pub(crate) const SECRET_KEY_SIZE_768: usize = diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index ea5e4734f..67300d163 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -1,3 +1,4 @@ +// C extraction: // A couple helper functions and definitions -- this file ends up being bundled in // libcrux_core.{c,h}, so if you need something that has to be shared across multiple mlkem // instances / implementations, it can go in here. @@ -11,6 +12,10 @@ pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { out } +// C extraction: +// +// This is only enabled when extracting. +// // Without these type abbreviations, the monomorphized definitions end up being inserted at the // first location that they are used, which might be, e.g., the avx2 impl of mlkem512, resulting in // the portable impl of mlkem512 including the header for the avx2 impl of mlkem512 to have this @@ -19,7 +24,10 @@ pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { // To avoid that, we manually place those definitions in this file, which ends up in a shared // header. // -// TODO: use proper constants -type Keypair512 = ([u8; 768], [u8;800]); -type Keypair768 = ([u8; 1152], [u8;1184]); -type Keypair1024 = ([u8; 1536], [u8;1568]); +// TODO: use proper constants. They don't work right now ... +#[cfg(eurydice)] +mod extraction_helper { + type Keypair512 = ([u8; 768], [u8; 800]); + type Keypair768 = ([u8; 1152], [u8; 1184]); + type Keypair1024 = ([u8; 1536], [u8; 1568]); +} From ad7b9cbbb60dc6b311ffcd9f64174d601adf3844 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 11 Jun 2024 10:55:16 +0200 Subject: [PATCH 49/74] C update --- libcrux-ml-kem/c/code_gen.txt | 5 ++++ libcrux-ml-kem/c/internal/libcrux_core.h | 18 ++++++------- .../c/internal/libcrux_mlkem_avx2.h | 6 ++--- .../c/internal/libcrux_mlkem_portable.h | 6 ++--- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 ++--- .../c/internal/libcrux_sha3_internal.h | 6 ++--- libcrux-ml-kem/c/libcrux_core.c | 6 ++--- libcrux-ml-kem/c/libcrux_core.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 24 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 ++--- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 24 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 ++--- libcrux-ml-kem/c/libcrux_sha3.h | 6 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 ++--- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 ++--- .../c/libcrux_sha3_libcrux_ml_kem.h | 26 +++++++++++++++++++ libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 ++--- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 ++--- 34 files changed, 151 insertions(+), 120 deletions(-) create mode 100644 libcrux-ml-kem/c/code_gen.txt create mode 100644 libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt new file mode 100644 index 000000000..511c010db --- /dev/null +++ b/libcrux-ml-kem/c/code_gen.txt @@ -0,0 +1,5 @@ +This code was generated with the following tools: +Charon: 0b8b7a82c2a18f65ab9df16f222d52594c17f59c +Eurydice: f5a2305081d09f3b45ed272e5388e542f4c4a7c1 +Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 +F*: \ No newline at end of file diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 63c1e03ed..b4f7dd467 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_core_H @@ -44,20 +44,20 @@ void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) -typedef struct libcrux_ml_kem_utils_Keypair1024_s { +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair1024_s { uint8_t fst[1536U]; uint8_t snd[1568U]; -} libcrux_ml_kem_utils_Keypair1024; +} libcrux_ml_kem_utils_extraction_helper_Keypair1024; -typedef struct libcrux_ml_kem_utils_Keypair512_s { +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair512_s { uint8_t fst[768U]; uint8_t snd[800U]; -} libcrux_ml_kem_utils_Keypair512; +} libcrux_ml_kem_utils_extraction_helper_Keypair512; -typedef struct libcrux_ml_kem_utils_Keypair768_s { +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t fst[1152U]; uint8_t snd[1184U]; -} libcrux_ml_kem_utils_Keypair768; +} libcrux_ml_kem_utils_extraction_helper_Keypair768; libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 58155643c..ffea50616 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index b7caa27e1..e33f8010e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 05fe23ee6..524d2bd7e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 22e02bd6d..d31a0635a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index cbcc3017b..030415b38 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 62ceebc2c..e139b26ab 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 9fcadba75..fd54f0af6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index bef973b2c..dd3a50e17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 7c71dabe4..e147197b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f96a815a6..5bc2ce976 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 83fc5be46..1178c18f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 80d9dd3f8..923a244ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index db169fa82..848b46be2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index ec92a98ea..4fc0e2978 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 4d79fb75e..58a1c1e90 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index fea44f677..40bd5b724 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 1ee6f610a..6ae2774e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4a14c563e..b4ded9ed6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 0d5024551..9d0c5e1f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 00b723c9f..1981d0c6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 17f457d06..190d95aa7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a9e1357cc..ea61181bb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_mlkem_avx2.h" @@ -2612,7 +2612,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_Keypair768 +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -2687,7 +2687,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair768 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -2774,7 +2774,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair768 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5057,7 +5057,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_Keypair1024 +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5132,7 +5132,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair1024 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -5219,7 +5219,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair1024 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -6571,7 +6571,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_Keypair512 +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6646,7 +6646,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair512 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6733,7 +6733,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair512 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 01d55d083..1a43363a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index c56a9bb7b..95917c799 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_mlkem_portable.h" @@ -3206,7 +3206,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_Keypair1024 +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -3281,7 +3281,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair1024 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -3368,7 +3368,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair1024 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5218,7 +5218,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_Keypair768 +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5293,7 +5293,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair768 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -5380,7 +5380,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair768 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -6680,7 +6680,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_Keypair512 +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6755,7 +6755,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_Keypair512 lit; + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6842,7 +6842,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_utils_Keypair512 uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f9c6b1bc5..2afec0115 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 189a64804..90e660fac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e8210950d..2d0336282 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index bc53c956a..0e5d15b71 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 6511292a8..ff9426779 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h new file mode 100644 index 000000000..ef0b3e58e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 + */ + +#ifndef __libcrux_sha3_libcrux_ml_kem_H +#define __libcrux_sha3_libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 9e9a598e9..d8c40c084 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6a3cf4a83..5e1a4a79d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_neon_H From cb59dcead2ea5e4e49fb96ca36ef8c3c1013fe6c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 11 Jun 2024 11:04:23 +0200 Subject: [PATCH 50/74] drop old polynomial code --- Cargo.toml | 1 - kyber-c.yaml | 50 - kyber-crate-tests/kyber.rs | 19 - kyber-crate-tests/kyber_kats/README.md | 1 - kyber-crate-tests/kyber_kats/generate_kats.py | 91 - kyber-crate-tests/kyber_kats/kyber.py | 363 --- .../kyber_kats/nistkats_1024.json | 802 ------- .../kyber_kats/nistkats_512.json | 802 ------- .../kyber_kats/nistkats_768.json | 802 ------- kyber-crate-tests/kyber_nistkats.rs | 78 - kyber-crate.sh | 95 - libcrux-simd/Cargo.toml | 16 - libcrux-simd/src/aarch64.rs | 130 - libcrux-simd/src/lib.rs | 12 - libcrux-simd/src/scalar.rs | 61 - polynomials-aarch64/src/neon.rs | 282 --- polynomials-aarch64/src/rejsample.rs | 797 ------- .../Libcrux_polynomials_avx2.Arithmetic.fst | 159 -- .../Libcrux_polynomials_avx2.Compress.fst | 192 -- ...polynomials_avx2.Intrinsics_extraction.fst | 549 ----- .../Libcrux_polynomials_avx2.Ntt.fst | 192 -- .../Libcrux_polynomials_avx2.Portable.fst | 429 ---- .../Libcrux_polynomials_avx2.Sampling.fst | 2111 ----------------- .../Libcrux_polynomials_avx2.Serialize.fst | 557 ----- .../extraction/Libcrux_polynomials_avx2.fst | 412 ---- polynomials-avx2/src/sampling.rs | 814 ------- 26 files changed, 9817 deletions(-) delete mode 100644 kyber-c.yaml delete mode 100644 kyber-crate-tests/kyber.rs delete mode 100644 kyber-crate-tests/kyber_kats/README.md delete mode 100755 kyber-crate-tests/kyber_kats/generate_kats.py delete mode 100644 kyber-crate-tests/kyber_kats/kyber.py delete mode 100644 kyber-crate-tests/kyber_kats/nistkats_1024.json delete mode 100644 kyber-crate-tests/kyber_kats/nistkats_512.json delete mode 100644 kyber-crate-tests/kyber_kats/nistkats_768.json delete mode 100644 kyber-crate-tests/kyber_nistkats.rs delete mode 100755 kyber-crate.sh delete mode 100644 libcrux-simd/Cargo.toml delete mode 100644 libcrux-simd/src/aarch64.rs delete mode 100644 libcrux-simd/src/lib.rs delete mode 100644 libcrux-simd/src/scalar.rs delete mode 100644 polynomials-aarch64/src/neon.rs delete mode 100644 polynomials-aarch64/src/rejsample.rs delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Intrinsics_extraction.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst delete mode 100644 polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst delete mode 100644 polynomials-avx2/src/sampling.rs diff --git a/Cargo.toml b/Cargo.toml index 30e7e1f9d..881de10d9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,7 +8,6 @@ members = [ "benchmarks", "fuzz", "libcrux-ml-kem", - "libcrux-simd", "libcrux-sha3", "libcrux-ml-dsa", "libcrux-intrinsics", diff --git a/kyber-c.yaml b/kyber-c.yaml deleted file mode 100644 index 62bd1b3df..000000000 --- a/kyber-c.yaml +++ /dev/null @@ -1,50 +0,0 @@ -files: - - name: libcrux_digest - api: - - [libcrux, digest] - - [libcrux, digest, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_platform - api: - - [libcrux_platform] - - - name: libcrux_kyber512 - api: - - [libcrux_kyber, kyber512] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber768 - api: - - [libcrux_kyber, kyber768] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber1024 - api: - - [libcrux_kyber, kyber1024] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber_common - private: - - [libcrux_kyber, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' - inline_static: true - - - name: core - private: - - [core, "*"] - # NOTE: putting Eurydice in core prevent eurydice from detecting spurious calls - # across C translation units from Eurydice to core (notably related to the - # result type), and thus prevents eurydice from flipping some result types - # being public, which pollutes the header. - # NOTE: putting Eurydice as public (api) is required, since some compilation - # passes produce calls to Eurydice.slice_to_array2 *after* reachability - # analysis, meaning that we cannot let reachability analysis eliminate - # Eurydice definitions on an as-needed basis - api: - - [Eurydice, "*"] diff --git a/kyber-crate-tests/kyber.rs b/kyber-crate-tests/kyber.rs deleted file mode 100644 index d30e7b266..000000000 --- a/kyber-crate-tests/kyber.rs +++ /dev/null @@ -1,19 +0,0 @@ -use libcrux_kyber::kyber768::*; -use rand::rngs::OsRng; -use rand::RngCore; - -#[test] -fn consistency_768() { - let mut rng = OsRng; - let mut randomness = [0u8; 64]; - rng.fill_bytes(&mut randomness); - - let kp = generate_key_pair(randomness); - let mut randomness = [0u8; 32]; - rng.fill_bytes(&mut randomness); - - let ct = encapsulate(kp.public_key(), randomness); - let shared_secret_decapsulated = decapsulate(kp.private_key(), &ct.0); - - assert_eq!(shared_secret_decapsulated, ct.1); -} diff --git a/kyber-crate-tests/kyber_kats/README.md b/kyber-crate-tests/kyber_kats/README.md deleted file mode 100644 index 17024363b..000000000 --- a/kyber-crate-tests/kyber_kats/README.md +++ /dev/null @@ -1 +0,0 @@ -In order to regenerate the JSON KAT files for all parameter sets, simply run `./generate_kats.py`. diff --git a/kyber-crate-tests/kyber_kats/generate_kats.py b/kyber-crate-tests/kyber_kats/generate_kats.py deleted file mode 100755 index 7dd7530df..000000000 --- a/kyber-crate-tests/kyber_kats/generate_kats.py +++ /dev/null @@ -1,91 +0,0 @@ -#! /usr/bin/env python3 - -# This file is a modified version of: -# https://github.com/bwesterb/draft-schwabe-cfrg-kyber/blob/main/kyber_test.py - -from kyber import * - -import hashlib -import json - -import Crypto -from Crypto.Cipher import AES - - -class NistDRBG: - """NIST's DRBG used to generate NIST's Known Answer Tests (KATs), - see PQCgenKAT.c.""" - - def __init__(self, seed): - self.key = b"\0" * 32 - self.v = 0 - assert len(seed) == 48 - self._update(seed) - - def _update(self, seed): - b = AES.new(self.key, AES.MODE_ECB) - buf = b"" - for i in range(3): - self.v += 1 - buf += b.encrypt(self.v.to_bytes(16, "big")) - if seed is not None: - buf = bytes([x ^ y for x, y in zip(seed, buf)]) - self.key = buf[:32] - self.v = int.from_bytes(buf[32:], "big") - - def read(self, length): - b = AES.new(self.key, AES.MODE_ECB) - ret = b"" - while len(ret) < length: - self.v += 1 - block = b.encrypt(self.v.to_bytes(16, "big")) - ret += block - self._update(None) - return ret[:length] - - -for params in [params512, params768, params1024]: - kats_formatted = [] - seed = bytes(range(48)) - g = NistDRBG(seed) - - print("Generating KATs for {} parameter set.".format(params)) - - for i in range(100): - seed = g.read(48) - g2 = NistDRBG(seed) - - kseed = g2.read(32) + g2.read(32) - eseed = g2.read(32) - - pk, sk = KeyGen(kseed, params) - ct, ss = Enc(pk, eseed, params) - - Dec(sk, ct, params) - - kats_formatted.append( - { - "key_generation_seed": bytes(kseed).hex(), - "sha3_256_hash_of_public_key": bytes( - hashlib.sha3_256(pk).digest() - ).hex(), - "sha3_256_hash_of_secret_key": bytes( - hashlib.sha3_256(sk).digest() - ).hex(), - "encapsulation_seed": bytes(eseed).hex(), - "sha3_256_hash_of_ciphertext": bytes( - hashlib.sha3_256(ct).digest() - ).hex(), - "shared_secret": bytes(ss).hex(), - } - ) - - if params == params512: - output_suffix = "512" - elif params == params768: - output_suffix = "768" - else: - output_suffix = "1024" - - with open("nistkats_{}.json".format(output_suffix), "w") as f: - json.dump(kats_formatted, f, ensure_ascii=False, indent=4) diff --git a/kyber-crate-tests/kyber_kats/kyber.py b/kyber-crate-tests/kyber_kats/kyber.py deleted file mode 100644 index 60b6463fe..000000000 --- a/kyber-crate-tests/kyber_kats/kyber.py +++ /dev/null @@ -1,363 +0,0 @@ -# This file is: -# https://github.com/bwesterb/draft-schwabe-cfrg-kyber/blob/a03ab13c241a1a0b6adc676d27be79843b03abc8/kyber.py -# with changes made to match the FIPS-203 draft as well as formatting changes -# made by the black formatter. - -# WARNING This is a specification of Kyber; not a production ready -# implementation. It is slow and does not run in constant time. - -# Requires the CryptoDome for SHAKE. To install, run -# -# pip install pycryptodome pytest -from Crypto.Hash import SHAKE128, SHAKE256 - -import io -import hashlib -import functools -import collections - -from math import floor - -q = 3329 -nBits = 8 -zeta = 17 -eta2 = 2 - -n = 2**nBits -inv2 = (q + 1) // 2 # inverse of 2 - -params = collections.namedtuple("params", ("k", "du", "dv", "eta1")) - -params512 = params(k=2, du=10, dv=4, eta1=3) -params768 = params(k=3, du=10, dv=4, eta1=2) -params1024 = params(k=4, du=11, dv=5, eta1=2) - - -def smod(x): - r = x % q - if r > (q - 1) // 2: - r -= q - return r - - -# Rounds to nearest integer with ties going up -def Round(x): - return int(floor(x + 0.5)) - - -def Compress(x, d): - return Round((2**d / q) * x) % (2**d) - - -def Decompress(y, d): - assert 0 <= y and y <= 2**d - return Round((q / 2**d) * y) - - -def BitsToWords(bs, w): - assert len(bs) % w == 0 - return [sum(bs[i + j] * 2**j for j in range(w)) for i in range(0, len(bs), w)] - - -def WordsToBits(bs, w): - return sum([[(b >> i) % 2 for i in range(w)] for b in bs], []) - - -def Encode(a, w): - return bytes(BitsToWords(WordsToBits(a, w), 8)) - - -def Decode(a, w): - return BitsToWords(WordsToBits(a, 8), w) - - -def brv(x): - """Reverses a 7-bit number""" - return int("".join(reversed(bin(x)[2:].zfill(nBits - 1))), 2) - - -class Poly: - def __init__(self, cs=None): - self.cs = (0,) * n if cs is None else tuple(cs) - assert len(self.cs) == n - - def __add__(self, other): - return Poly((a + b) % q for a, b in zip(self.cs, other.cs)) - - def __neg__(self): - return Poly(q - a for a in self.cs) - - def __sub__(self, other): - return self + -other - - def __str__(self): - return f"Poly({self.cs}" - - def __eq__(self, other): - return self.cs == other.cs - - def NTT(self): - cs = list(self.cs) - layer = n // 2 - zi = 0 - while layer >= 2: - for offset in range(0, n - layer, 2 * layer): - zi += 1 - z = pow(zeta, brv(zi), q) - - for j in range(offset, offset + layer): - t = (z * cs[j + layer]) % q - cs[j + layer] = (cs[j] - t) % q - cs[j] = (cs[j] + t) % q - layer //= 2 - return Poly(cs) - - def RefNTT(self): - # Slower, but simpler, version of the NTT. - cs = [0] * n - for i in range(0, n, 2): - for j in range(n // 2): - z = pow(zeta, (2 * brv(i // 2) + 1) * j, q) - cs[i] = (cs[i] + self.cs[2 * j] * z) % q - cs[i + 1] = (cs[i + 1] + self.cs[2 * j + 1] * z) % q - return Poly(cs) - - def InvNTT(self): - cs = list(self.cs) - layer = 2 - zi = n // 2 - while layer < n: - for offset in range(0, n - layer, 2 * layer): - zi -= 1 - z = pow(zeta, brv(zi), q) - - for j in range(offset, offset + layer): - t = (cs[j + layer] - cs[j]) % q - cs[j] = (inv2 * (cs[j] + cs[j + layer])) % q - cs[j + layer] = (inv2 * z * t) % q - layer *= 2 - return Poly(cs) - - def MulNTT(self, other): - """Computes self o other, the multiplication of self and other - in the NTT domain.""" - cs = [None] * n - for i in range(0, n, 2): - a1 = self.cs[i] - a2 = self.cs[i + 1] - b1 = other.cs[i] - b2 = other.cs[i + 1] - z = pow(zeta, 2 * brv(i // 2) + 1, q) - cs[i] = (a1 * b1 + z * a2 * b2) % q - cs[i + 1] = (a2 * b1 + a1 * b2) % q - return Poly(cs) - - def Compress(self, d): - return Poly(Compress(c, d) for c in self.cs) - - def Decompress(self, d): - return Poly(Decompress(c, d) for c in self.cs) - - def Encode(self, d): - return Encode(self.cs, d) - - -def sampleUniform(stream): - cs = [] - while True: - b = stream.read(3) - d1 = b[0] + 256 * (b[1] % 16) - d2 = (b[1] >> 4) + 16 * b[2] - assert d1 + 2**12 * d2 == b[0] + 2**8 * b[1] + 2**16 * b[2] - for d in [d1, d2]: - if d >= q: - continue - cs.append(d) - if len(cs) == n: - return Poly(cs) - - -def CBD(a, eta): - assert len(a) == 64 * eta - b = WordsToBits(a, 8) - cs = [] - for i in range(n): - cs.append((sum(b[:eta]) - sum(b[eta : 2 * eta])) % q) - b = b[2 * eta :] - return Poly(cs) - - -def XOF(seed, j, i): - h = SHAKE128.new() - h.update(seed + bytes([j, i])) - return h - - -def PRF1(seed, nonce): - assert len(seed) == 32 - h = SHAKE256.new() - h.update(seed + bytes([nonce])) - return h - - -def PRF2(seed, msg): - assert len(seed) == 32 - h = SHAKE256.new() - h.update(seed + msg) - return h.read(32) - - -def G(seed): - h = hashlib.sha3_512(seed).digest() - return h[:32], h[32:] - - -def H(msg): - return hashlib.sha3_256(msg).digest() - - -class Vec: - def __init__(self, ps): - self.ps = tuple(ps) - - def NTT(self): - return Vec(p.NTT() for p in self.ps) - - def InvNTT(self): - return Vec(p.InvNTT() for p in self.ps) - - def DotNTT(self, other): - """Computes the dot product in NTT domain.""" - return sum((a.MulNTT(b) for a, b in zip(self.ps, other.ps)), Poly()) - - def __add__(self, other): - return Vec(a + b for a, b in zip(self.ps, other.ps)) - - def Compress(self, d): - return Vec(p.Compress(d) for p in self.ps) - - def Decompress(self, d): - return Vec(p.Decompress(d) for p in self.ps) - - def Encode(self, d): - return Encode(sum((p.cs for p in self.ps), ()), d) - - def __eq__(self, other): - return self.ps == other.ps - - -def EncodeVec(vec, w): - return Encode(sum([p.cs for p in vec.ps], ()), w) - - -def DecodeVec(bs, k, w): - cs = Decode(bs, w) - return Vec(Poly(cs[n * i : n * (i + 1)]) for i in range(k)) - - -def DecodePoly(bs, w): - return Poly(Decode(bs, w)) - - -class Matrix: - def __init__(self, cs): - """Samples the matrix uniformly from seed rho""" - self.cs = tuple(tuple(row) for row in cs) - - def MulNTT(self, vec): - """Computes matrix multiplication A*vec in the NTT domain.""" - return Vec(Vec(row).DotNTT(vec) for row in self.cs) - - def T(self): - """Returns transpose of matrix""" - k = len(self.cs) - return Matrix((self.cs[j][i] for j in range(k)) for i in range(k)) - - -def sampleMatrix(rho, k): - return Matrix([[sampleUniform(XOF(rho, j, i)) for j in range(k)] for i in range(k)]) - - -def sampleNoise(sigma, eta, offset, k): - return Vec(CBD(PRF1(sigma, i + offset).read(64 * eta), eta) for i in range(k)) - - -def constantTimeSelectOnEquality(a, b, ifEq, ifNeq): - # WARNING! In production code this must be done in a - # data-independent constant-time manner, which this implementation - # is not. In fact, many more lines of code in this - # file are not constant-time. - return ifEq if a == b else ifNeq - - -def InnerKeyGen(seed, params): - assert len(seed) == 32 - rho, sigma = G(seed) - A = sampleMatrix(rho, params.k) - s = sampleNoise(sigma, params.eta1, 0, params.k) - e = sampleNoise(sigma, params.eta1, params.k, params.k) - sHat = s.NTT() - eHat = e.NTT() - tHat = A.MulNTT(sHat) + eHat - pk = EncodeVec(tHat, 12) + rho - sk = EncodeVec(sHat, 12) - return (pk, sk) - - -def InnerEnc(pk, msg, seed, params): - assert len(msg) == 32 - tHat = DecodeVec(pk[:-32], params.k, 12) - rho = pk[-32:] - A = sampleMatrix(rho, params.k) - r = sampleNoise(seed, params.eta1, 0, params.k) - e1 = sampleNoise(seed, eta2, params.k, params.k) - e2 = sampleNoise(seed, eta2, 2 * params.k, 1).ps[0] - rHat = r.NTT() - u = A.T().MulNTT(rHat).InvNTT() + e1 - m = Poly(Decode(msg, 1)).Decompress(1) - v = tHat.DotNTT(rHat).InvNTT() + e2 + m - c1 = u.Compress(params.du).Encode(params.du) - c2 = v.Compress(params.dv).Encode(params.dv) - return c1 + c2 - - -def InnerDec(sk, ct, params): - split = params.du * params.k * n // 8 - c1, c2 = ct[:split], ct[split:] - u = DecodeVec(c1, params.k, params.du).Decompress(params.du) - v = DecodePoly(c2, params.dv).Decompress(params.dv) - sHat = DecodeVec(sk, params.k, 12) - return (v - sHat.DotNTT(u.NTT()).InvNTT()).Compress(1).Encode(1) - - -def KeyGen(seed, params): - assert len(seed) == 64 - z = seed[32:] - pk, sk2 = InnerKeyGen(seed[:32], params) - h = H(pk) - return (pk, sk2 + pk + h + z) - - -def Enc(pk, seed, params): - assert len(seed) == 32 - - m = seed - K, r = G(m + H(pk)) - ct = InnerEnc(pk, m, r, params) - return (ct, K) - - -def Dec(sk, ct, params): - sk2 = sk[: 12 * params.k * n // 8] - pk = sk[12 * params.k * n // 8 : 24 * params.k * n // 8 + 32] - h = sk[24 * params.k * n // 8 + 32 : 24 * params.k * n // 8 + 64] - z = sk[24 * params.k * n // 8 + 64 : 24 * params.k * n // 8 + 96] - m2 = InnerDec(sk, ct, params) - K2, r2 = G(m2 + h) - ct2 = InnerEnc(pk, m2, r2, params) - return constantTimeSelectOnEquality( - ct2, - ct, - K2, # if ct == ct2 - PRF2(z, ct), # if ct != ct2 - ) diff --git a/kyber-crate-tests/kyber_kats/nistkats_1024.json b/kyber-crate-tests/kyber_kats/nistkats_1024.json deleted file mode 100644 index 3d5739981..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_1024.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "8a39e87d531f3527c207edcc1db7faddcf9628391879b335c707839a0db051a8", - "sha3_256_hash_of_secret_key": "ed1f6cb687c37931ea2aa80d9c956f277a9df532649661035c6e2f9872132638", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "5ef5d180bf8d4493ef8e8ddc23c22e428840c362a05a25fd306c6c528bd90f8c", - "shared_secret": "63a1039074f01f2651213ad9350d6561cb03a60400e74118bb4464d87b9db205" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "c9ede13be3dbb0edc3ab08226cae11771ff4c0b04a564b64a0d9ff10e373e986", - "sha3_256_hash_of_secret_key": "9b5876610793ae42f683d94f736d8d7e0e033bee588bab07a31c9cdb4ab99a5d", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "bef440cb5a14bfa652ff69fc431b59980147a2408df8a893f0fafded11d6cfa3", - "shared_secret": "856d56ee09279a13f9abdca14ecbe8ca9968495f09a0758b6d1c8376099365eb" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "ff2546623aee72025fb6746fba736bae0e80e257e66edbf09d8d4dc11049cda4", - "sha3_256_hash_of_secret_key": "57155298b53d3af5d6db214dfa91a9e16f8d5de570bbff5dba5f4cd84098f255", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "28e308a6f91068b01a7065b8579fcb6234ecd9bb8d3172b6dfc5a3a470050ea7", - "shared_secret": "c33a4432cc441b7683605c29afdecc81922cf234e02be8c2fbc4e2a7a3b4b078" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "25b786a67de17d61b2fc0e85a13924398aab931896b6174089569f08b7260687", - "sha3_256_hash_of_secret_key": "d188a2637dfe80dbd0fc25165eb4898923888a82c10f6ff0b8ddb5bf251c0650", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "8427a1684769e63ec43e97ecbe7b7e654b6e63433bccd23340849904e02767dd", - "shared_secret": "7c14fb353ba421705de44f2a12ddc5ad9b11e30e7b0e163cebebe2da79a7293f" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "d35e259a200d16048302df38d8e7f9e1c3352502c43f086fe166325048fdce9c", - "sha3_256_hash_of_secret_key": "020ba30e5832867a6db83cdb1e60ddf0b0a88fb33919edb84b246a345d11da6c", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "b52dc0a41015132b3e7a1ae6f544f12601869bf0673625964e5c4e05cbe656e0", - "shared_secret": "35d2a2ab0e91d365a3e2e99bbe3f5121f2eeb528305cc7730f679e10ec1c9b8a" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "5a5db7d619be642bd87294527b3f859372b279a1e6074824d9632b5d7f616e42", - "sha3_256_hash_of_secret_key": "630f093cb1ff96bff76ede70e970a009a9e5d28fed660e68127d31c3b6dbdb2a", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "4714a5497351399718258f490da0ce28ce8211aad6975546cb4351c8ebe61917", - "shared_secret": "8084cfff3d54b7680e737ed71c37e449f1f9d74bf6735696c46910b13d42d1f1" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "f0d1acd4fe1bd3bad938c23ec5a7f320766e01005e32769724abb4ebac578def", - "sha3_256_hash_of_secret_key": "664f3632f56ebc5c509931ff3b7e1845265e42a76e20550b683527d7d24e8df8", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "4ebd3e44b82b03c01ec2aa9e8805e53b8c8022e987fc9eca59c9a5cfcb1c4a84", - "shared_secret": "3e94b68a80291e957f9dd0a15b112ad75bfa07951ccb36c2de610e6755a4a0d6" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "7008db565f7ab9c362dc38dcd3e30e5da873c559e9a9222710e8d2e7f6417ce6", - "sha3_256_hash_of_secret_key": "9e774cb57c18575de3ec6a9677e40626c2026e47c389c7a3dc5422d8a83b747b", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "1cb3879c49c65c184d605bc6daa22f63affd2a005e145103e6c1ac1ad683d976", - "shared_secret": "900649130f9c28082eab5ce3d128593eeaae89667d7fa4da23fcdfc1573995fa" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "143b9c53320cdb1b7e8d71efd1f0a1ad5ad1e1ce84dd9fe7c92f19c926388e3c", - "sha3_256_hash_of_secret_key": "63707e33c30114732374ac21fd5be61e6dfa7dd85a36eef2e2bae6b3d0599a71", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "780162548f2d85c00f0276f1db2d6566421cf718679147740d279660fb742544", - "shared_secret": "084aafffcc38ac80dfc02548df07f6e7809eb0644385abce0fc569821a907011" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "f2d009cde4abd55a2c7417c9341792e60eaa8e26b53a3aae805746401c4c446f", - "sha3_256_hash_of_secret_key": "2a53faa8053fa21b7b07a96ea259c052ef78746c5d53e2857e9f30bd20d3f2b6", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "9b7ead45e0e00c615fce96105720d82ba431692f92e1a73e14b490219c8dda2b", - "shared_secret": "a7fd777a337219e1d0ad2cdb47fa18f4685ac343bc537dba6c97326340ab3ebb" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "1f06190bdfd692cf499be99bacc4beccf048c89926769f1b254cca9a9a44089a", - "sha3_256_hash_of_secret_key": "faa641eaff01077bd2fc261ccb91d5c3b468a940e25e8d5d794d564b663315c3", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "3a22350624e9ffcfeaf0a68c265dc03036e7d5bdbb102474fd2aed257fce04ed", - "shared_secret": "17672805d3953f1f374dc8671137dabb0136de43700fea82a2ca23292bd0d562" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "cc20155074cd7cbd43ec2380dc6a71b3a88c9a4bf168ab2bf426a899706fa597", - "sha3_256_hash_of_secret_key": "6084f1eb2fe4b9055d6004bfccadad7bd64f623595dd0b5e0c0100d647313279", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "43291afa9c1a8098770d5ed9dd4cd71688c52d616e9e68798f8718e4555e0caa", - "shared_secret": "8813fdb7bcec5369e6238322be653d920ba26e0aa63a3c3b4e4218c48c1d6dfb" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "77fbe004761fc37fe7597638e5dae8b44bd44c8d6efa2893a0a84b104ace6ac4", - "sha3_256_hash_of_secret_key": "608099f3fa437094212b3aa2696d592a9ba45f697b9c1020b69ec1d6e178b76c", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "368fcbdfa009642b3ca8fe0261d10d18db5566bc43938e193d9dae45adf2d41e", - "shared_secret": "b00167b499d5130ef82a91f83d1f1563185de735e74f89afea0b45ae1b90cea8" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "49cbe8daa7dac02d7795e907b037e2ae56624fdc8d7c6320f9e1e69dd0f6286f", - "sha3_256_hash_of_secret_key": "de7838a99458b56d0f1de343315d1a7d460269ded85551f70335b1e002742b5f", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "04c5a66da97cec8a22bca38de71927b176310004175b3496c5a2737e91b18e00", - "shared_secret": "c55179382eb5d4bbd91e45f4b3dcc5d1022110aa209c002600fe0d55a5b3333d" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "a333d474be9bacbea4c301148be2ddf13c3c25d7e4f52447a549a27b6d12710d", - "sha3_256_hash_of_secret_key": "731e7c1597fcea477249114301154b9fda1050e71617827da0c9cc149c1cb99b", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "841415e768ab08549533578cdb506a9f72e8d01b472b64746322328c0c035080", - "shared_secret": "91c0a23c78351e8f8de8e38c5a10e41e5290ef96266f93839169c05842820e41" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "35d109f57ea2764642ea3473a4f192cedfbe153a37f131cdf447b60e92310eea", - "sha3_256_hash_of_secret_key": "0420ee0853629da644872d3e2a9b0a89c9dece1a6748247d2f8f39721af21e12", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "82c120326a2ab109d5c3910a95ec69dc3b1c1c05570728164791870d9c9c1a3f", - "shared_secret": "ffd93f9141d4b2abf600c1c258ee78e0f752513bb002677221060cca3ff1e5a6" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "cd65fd07a78e48c1a02e235ec76fdb509cf9903a4f5a850c51d9d3fda383cc67", - "sha3_256_hash_of_secret_key": "951cf21e37dcba710b581e49a6df1c75c65186e9672d647e9cd7239eb4bb975d", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "0217f113b6d5786c3995b366adff6984d0c8d91a388f798a9556d7d3a8252b9c", - "shared_secret": "550b4e8c00bb5ece74059879fd14f5a0a89073d8a54f8bf1597f1ebf198a61fc" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "376f022313718aba325ef4c3b720e2c3ab314ace74e983948ba2e43ee3a6ebde", - "sha3_256_hash_of_secret_key": "e697899409d15ce13113a2ad86448157a248ff0701b40eec11fb4afac7b9f2fe", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "26c5a91a627899cf23122c5881bd00b0a4f76e0aaf5de60d1d273e8e635b574e", - "shared_secret": "e5b98a3c32a5563c49df725e661a9f44a20390cf83a9779ecf5e7d9f5aff0143" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "7944e5d79dabf7b7259df5ced02669c81b7dc4590e0b10764729d812f6bd85d7", - "sha3_256_hash_of_secret_key": "301fb18a9ec0d975414abc4d41ed0c553e2b9aa2b03bf2765476e3288f760ee7", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "c7474d6b8d9b3677b39b69030f40415e2234e637e200c689f90d6b37da3c4a8d", - "shared_secret": "169929e655f214d7ddca31eae7ecd2e01d9ee0601fd4a2c3a59eb701ed9522ab" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "692176b38737a053dce0551b63e3eca81884bbf95e1d8975671a2f7f1dfae251", - "sha3_256_hash_of_secret_key": "1ae55a55d87ea8d58b51f842c7d6990a1ae6932eccf5c39e97f56bb481a16b7d", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "7509dec8c1dd6f29855e08d61a56ade71c6bd9a47102a12b3d4c9784010bc5d0", - "shared_secret": "be36ca6f5e0d3da0b5c144ebccd725900a06782fae7b2707ce7c5cb6818c8991" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "2f54bedb19919171eca777186dd743b11ec9489aea09534c157faa75adf1c77c", - "sha3_256_hash_of_secret_key": "4bea180ffc80875ac731f18365224bd3eefc8d11fad63c7376adc1a37adc67bc", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "def0451ac37ac39a0ef5b94406de4e313b3d12d899d6a4e92f3ee37c84869efe", - "shared_secret": "9769b7f3571089f1a086606f3545dcd094097befd492e3c9889f9a97c7b181a4" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "7a9232085a0222b9c863931ec3bdbdd51be3f16d6cab3009c138e0c8cb692563", - "sha3_256_hash_of_secret_key": "a01d03ab913ef4672c49664d2c95fecdd98fcfc19e8d8b839e79a8f6fb9bdf42", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "45c35e22eaa9d63a6b57f60ad2e6a35290b290c01761030dea1c9aa7947c965f", - "shared_secret": "7a190640b245b6b4de7ac38fa6d4c50e935c0062c2089c926e4e8c31f233fbba" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "1642d52117145ea2956bd5e446b895609be84a9344ff0f5cd1ec62af9ea9e3c0", - "sha3_256_hash_of_secret_key": "e2d190c6c423252af301186a3e49892da8c22e4c0fb61586d119119fb7b07447", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "0e67bf478bf93c925eee2cdfc285161c1b6dd2ba3a479dfb5fd9203ffdcd3c85", - "shared_secret": "5de71ca6710d2d588f53059a15e3a266eab4ed2230502b597f088014fbe9b659" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "0163017a26dba83777c4c0f46f31375ba02680ffaba588a9fe91f97ccb99c445", - "sha3_256_hash_of_secret_key": "5d101bd4f51fad047a1161e7a95197f6307e7cb88e57fcf9fb28a2be43e9f4a0", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "7e38f78738ad21d1015a2e79860e8108e807a3e7070515185ae581345e08f6e4", - "shared_secret": "42ffbb3ae86b744b00f36a01f9cb34e8a08916f455c9ea0e5e6ce81bb5042cae" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "fb21cf5cc9a8a47a07cb2a154f73676d39a98a7d12a4abbd37378595c6332f46", - "sha3_256_hash_of_secret_key": "3c5041ff25ab5e854e792eccf12721be4f820020ed7895d5ccb7b1ba4bb7b193", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "e2b8a6842755e5a408a47a32c2093dcf3aa0d32448ddb1f1a154315634f1b701", - "shared_secret": "90ca5a797490eb35c3cc24af19fca6dc71d41aa58d68e0061c1bdb8481e691d7" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "591aa9c81277503a34441fbd6cb59c6d1ecd5e00298fa56be9df562576250c52", - "sha3_256_hash_of_secret_key": "2e9c26235e0db1383671ad4ef147c1cbe3724bf800be90e356a5a381e3d9aa12", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "02f85b52a3684cab8bc416b74de36ac686cf3a3a495440cd444c1fe7d84b2e07", - "shared_secret": "bd58345e9e19483cde256be650975b954e167bd8b0a9036a95c98ebf037e87ec" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "1c6c4009e28f6a20aad0c0b14b7cc0a01aeca507c366913ba5cadefe6656881b", - "sha3_256_hash_of_secret_key": "a9d3487d20af12309fb8d12b71a3fc3ad9109a9cc2720a0fa409ec5a491943b4", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "7a5d4cb38e9fb2beefd925d54155ae91d60bd95696db2de45e2307658341f2e7", - "shared_secret": "53d22dbfb623f5282ac68ff607b69b9ce559ec3b70aae668c684d90dcbbca13d" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "4576536d1bace29aa7c31f7681222ddd15a3cf6ea6bbd3528d2ec8610d68d134", - "sha3_256_hash_of_secret_key": "0f1d74d5cd2fd6a9aa7022a0f06bdb6272a0bc23f115796d6e04692aa44de4ab", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "8448f623dc438ea4a849544c4fbcf3dc493b18dbacb911b83ed651155a145c53", - "shared_secret": "cdca5387453ba0f0fe9f126702ada05c3612388b70185b6c2e69dbf98c2803ec" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "eea5db7a82254d19c0a0c552ccc92db9c3eef74cd73a9937b7b7298171313f12", - "sha3_256_hash_of_secret_key": "d4d3196a516686b8da051e915241f141b04af55e83effb968c52f23a19ccf79d", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "84e87b27235041a1815c98ca4cf9ce031d7700a48f602bc9dcc98f876ae50c62", - "shared_secret": "b15db77dc79f2d64e13445c4dfa997afb191e0bb2bbf6a210a5d64263b2408f5" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "72998cc3abc79487ca0a4db5b17514e9961916d30ab9b500430ba748c5c79226", - "sha3_256_hash_of_secret_key": "362b40ba4e015b703f639f4c784fa9f114f2cf65de5f6645e8f9d37fb33fd044", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "44b60f83deff617231e92c5ece08a24243841d3df34de2517c29bdc89ff51400", - "shared_secret": "8ca9424860c35214636855849bb039cdcb4c722c5b81ce18ac1a1090034dafc1" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "e9631b6d4237dd6884ae3647dd8622fc13d1cc689f3c8ed94ec6bcd4bbdb6980", - "sha3_256_hash_of_secret_key": "96736bf10a73d079e56f5812f65e3465957b8228423fdae4059feaf918fba361", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "eda93794649d2ba24fb277e8cb0e5788102a4796cb21388caa25eb10bafefc5f", - "shared_secret": "b056e2904d66c51dc817acf961f141c2de7d201ca8e52d19564d0fb4e1310aa9" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "847db13de94d97a88d5a3deae31c246f5f04d0c7d7f337859e024764337a08f2", - "sha3_256_hash_of_secret_key": "7fc950abb115ea2236036c300c95c76015606539ddd2409ff1b39a99b86a179f", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "af6d97857d131ebccf9d356e78a4fbbb66c7d5ad68fd42d356c3ef14aa756d47", - "shared_secret": "663bcd21601942f0ce47640325c9efcfc3eb3b022f0cfaed168893b1b6e5dcfc" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "f122b76b83c343de27054985634387fb7138f6f6f105cd4cd3f5b02698a964b0", - "sha3_256_hash_of_secret_key": "620b4d0dc53a26e175c69ae7a8f2d749d4adf1d0429852b84839d334e024ab06", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "51f8a50f2dbcb1255619a7a9868eece507b55d2138707a0550a4113a7e162d5c", - "shared_secret": "cad5816f1b2057a410cf917f52040aad9cdef2122ce59211ccef77c4a7c23a6b" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "4c3182ca7a48afe60eb85790dcb50b8005b568921dbc724130b0ce83f1278454", - "sha3_256_hash_of_secret_key": "44b1c2b3487cdda8a8e9205d95dca710093e981e7bf2ea30d1d2502b164375fd", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "f231d9b8e3cb86e9daddae8d4555779a9125a16a6d2984ef55914a27d7912fbb", - "shared_secret": "e8f4dd3d2bb2c2f110bd410b2c37beee6d3bc7c7c4dc477c358234c54bbbd4ca" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "4359601c371b50b50b5306de33cfd476d3b5f811700dc4918beb345840244e3a", - "sha3_256_hash_of_secret_key": "6f2d2c913b4a19bb07b531d74edb549659a35d1330b1ddd62c74dac4bc5f061c", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "a6130d387a04846c8b920f94f59d6c65b4954b6ced0f0d6a8566a0110c198a08", - "shared_secret": "249855eb724db68f7367385c45a3206fa19c521644f8841b7a73f536ca47c26c" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "e1f6c5a99a49d6b1b4aa18089439bb4c56ca465785bb36594ef2ebd3af20d564", - "sha3_256_hash_of_secret_key": "fcc14cdacdcebc6d1933f1ec9d430c643ff5fdbd78d2fe053a8880e6ee8ef129", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "73a09eadd34a8be74772db44187ab49a2bc086b91848c6ff09f1306c264f6fe4", - "shared_secret": "f1be516b31ed89cb70bcf428a2ba2c22b3919f8a9824a59b875ff1e697095ae2" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "b8aa8568431ffc4681caacecd4475c838cf7348402a06413e7a9590ba405ea5e", - "sha3_256_hash_of_secret_key": "f1e4bb0178d949637c06e252493235480d3ed16687e9a1c36df0721b29a7573c", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "24392701d3f5204f5cad5662bd6526a178567186cc070d951e03593e5722eb46", - "shared_secret": "6ec4f71386c0f0c16294e4d76966c69c512d4e5e00a6e05c5aa544e542454225" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "984f4c4ef2371654067ce0f22bbe4648dc9d87eee23842f31affcdc36328e8db", - "sha3_256_hash_of_secret_key": "240fe3ab98047b1985b22240622da9669f7ecec81801861ea0859704f3263f6c", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "f190fb70fe762db7125e3ba3b459e32bf99775c3c1efb84ae1776b50206db7df", - "shared_secret": "464274dd39f2862a97833631ac446642b3c3dd6467c7d2404aaa46a8f5f65b3f" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "74841a59db1202eb2e3744bb36b9c5a229a33cf9eeafca4b3d02d155d870b6bf", - "sha3_256_hash_of_secret_key": "e808e7b999c5bedc14a1763428a3f2b3eb9c3f90743f8a1922c87b5874acd79a", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "675ff34f87383d52203c979d1502e2fd35d9da09cc095b44caa073cf58562ba1", - "shared_secret": "99dd968e1f5c94c6c4d92e7eee393c802d8ea4a34d39de2048eebfb21a0a4b9c" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f7243d71bcbb46b9a423431b3b30947eda5fd81b526cce79a36730d8ee1be42c", - "sha3_256_hash_of_secret_key": "b1e6993caef04e00ffcf42c81ae97c6d89c5c19bc3b3e1235c48829151f8b4cd", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "319744b03f01b7676b3975b70d20698972d5492a2b0c8e0833837de36945c699", - "shared_secret": "0642533fe87a2913a37847843f7336a0e4c47f778afe5cc95433948a76ee7ecb" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "4092d5afa2f038f879184f7344800ea49a63543be9600bdc2b18420744588290", - "sha3_256_hash_of_secret_key": "18b8bfec268d6e1d6edd376689f2bc5ffbcdc859cee0a26ccf550fb42863d57d", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "4fb1c5f9a918a9077f822c79ec0697dd6dd7b23ff3cfffafaa272dfb1233bf8a", - "shared_secret": "a226b83601ae0e6f76f9f08b0a2f6eb30a3afaa39ecf5c5671e988a354fde9a7" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "ad7166f31b2650d125c8ef23b5825fe11afe25d0cda306fa6c7a824b4c2d31d4", - "sha3_256_hash_of_secret_key": "0124d8202fcb0c40d7a6cbc1570df65602f376854abd55ea664f66e3923b3d56", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "74501710705cbe8837e88dc8986d78310ea57196185e3ee3ecc8d17d8cafa7ac", - "shared_secret": "3040e7e4eeb844c1385a78dc3c8a6375880ce8fab92827460de1825a4915c3b6" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "37933cfd8c0e61085f2ae264d85c4ae05f8bd40bf29976c6d52e4f1c7ff709cc", - "sha3_256_hash_of_secret_key": "e9a6c0af326ca00c7f8ee0b6ef5661be3a84c39165ff60fea5510cb219b8f788", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "3fc676cfc433cccd2d248824c4f51406491cfd99bd05f863cb4200155ac471c0", - "shared_secret": "d990008c5eceab7097524d6755c663ba04599eda80560d59088b21cd73243462" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "ae96ec4edc7ee08108fe6c0411a96f48731066ae4be12edeb7fc667039c9c1de", - "sha3_256_hash_of_secret_key": "7110c8c6d14a3cf5dba3e5f2ecda1ed1490e62b032f798139b779054da20985b", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "9b33f0f26252a0e1b92f55f4c0f979efd5ef68ef1ed6f23bf23e5eab1c732ba2", - "shared_secret": "bd50423b4ef27559d67532abbfad2a3a388e3dbf4d7b6488c2b48f19cee07ad4" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "4e23909b028699d6677eabe6bac4bc4e8437acbc52b0b17f1df5760c0455c2b5", - "sha3_256_hash_of_secret_key": "63ace19297953d106cbc1df1a25143a15772197c05aefb070825ef568eafcf23", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "7747110bc34f1a35fea13d10fffb950a85bd6d9247c89b2071afce7544b312bf", - "shared_secret": "38e3d97b0547e648b2b722c4844f59ed43dcc4b40fa7dcfe6184c2fe62ab3530" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "513906f5bef81445bd210d63fc4c9b9ef0b61c17b0cd5b229a45908fcbaddcec", - "sha3_256_hash_of_secret_key": "11added546dd697edc51e8ed16ca3ccc9da9629c4ce0c8404d04de1aa8b8114c", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "569f8e9da2051bde67bd3ff8e81e3b4e749b198586e2ec8d0544e6a8793aa782", - "shared_secret": "cca4f1d172212f8c23eb5da77144640d821d2671f66f0b3015d0b46e274e193c" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "4f8b3e9ae47d3b5b95c080d4f18440c24b0691c19f06f5547554697bdfe97b01", - "sha3_256_hash_of_secret_key": "cf4be19205cf0c2bd0eb0c1e7aabd40e265792bfc302bb0f28716c406585ca37", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "ce6e0b8523fc48a54f1b10be23b1e990a390e4e823d4483681ffbd2ad09f4977", - "shared_secret": "dd7816a8a015b2001258e665dc0e576ae19b10dba9704be9c484e4c8ba645522" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c1b4fdc4929c2c7e4501ba7a9feb0be571e27c43fa96f9a7f934636ed9a86110", - "sha3_256_hash_of_secret_key": "5b475ff0aeb273c017d1e7d7cd380e41d50e634840e443a762608c09282f3007", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "556aebca384b3876ec2c00d446239855602625800bd1ecf1b7eb3411d101d442", - "shared_secret": "e911f73a4c23637a2708739bd5ef842ccc57d32993f30d6ee1f88acf5093ebcc" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "df4f164c11041dbe981d8ff2008757b7e694f564a298b92cd182129ade5e72bc", - "sha3_256_hash_of_secret_key": "1f836ed803ea8abe63224c016dc15468719599e06564c11e9f641eeb3634350c", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "5dec68120c8c2182ac2b2995eac56b91df2ee9c9bce8e801853e2cee14c0d8a2", - "shared_secret": "572994fb967815fe8bf36cf41560dc69aeba8e32b13e1d25128585dbb0e71068" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "ed722667caf175df48a3a346ec7cb1bcc37d67d3137ff7b7c70a07f202893a33", - "sha3_256_hash_of_secret_key": "272df80631771996565e673a4dd92318e87e625097f74fae14c688a24b558216", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "4214ca50c6c732d34dab0b460d7cd9e0ae97346fa50a67386fc35ca0ac8223fe", - "shared_secret": "92c63dee4666bfb34fe3095f65cd458654df578f6eac0ec75f5235e5da6a926a" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "0c4dc82d723965476a518ea0915c1554bcc61c814c80ff120c37e7e8ed6d5c40", - "sha3_256_hash_of_secret_key": "d9e7fabffb14d620ccf618a1e25375d4cf58875c38ecc73587cd09b17621ade4", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "651834fb53362a4c4af0b141885056f9db913c4be968c1aed3d7d3f5bd1048ec", - "shared_secret": "0e2179fc3d310aca496244699b05da9b7bbb7891ed41b675e5dd48355a586360" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "c934c11e2eaa7c3c4e764863e436ff12fc9f517c79df6344ab98611f57fe7296", - "sha3_256_hash_of_secret_key": "4f502a9abdfece85347362ac4c7e2beedb137e29a4b638c9bfd710de432b5e5a", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "06786544f2ea24bcbb677092f4602d59f9cc9d2d8211614dbb5b87edc6edc46f", - "shared_secret": "573a8fd5e5935badcf974c50cc36e191f0ae2c1458fb00d4117e675424d4e37d" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "5b07c8359e6ec4989c34b31293f4df965b5d95802afa5836beabb001d5cd4dae", - "sha3_256_hash_of_secret_key": "73973aaa43538874f8b16d44faefbd26dee5389a05fad2d4f966662ea9eb1df3", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "2d6085e31726d74e2ce2a28088ef3247b68b39d0d51c225df2521ba327bb3154", - "shared_secret": "c8d5e0dd64b4f3c6450fd24ed2918887d3ea2806479d3fcd5a19894f4fe401ea" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "37f1d7e636b4ab366dd5725957b9e5d2498e4ee1929f2213f9d05c882d96a106", - "sha3_256_hash_of_secret_key": "1b150644ef3edff5c406fc9a85e16fbc87cfcf8a6ac726284483947cc2fffd63", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "37d80e33f5bde211a9a3f634f8505a816e46195616c34a51d62b031822201337", - "shared_secret": "f0691ad2fe875e3f0993f25452c70f0c40891b998deb6a7f7aa3c0bacc59bfce" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "a5383897314d60ae0ab1a8b50d6f5de454a2eb8b0502d57001e6e19223a82ef2", - "sha3_256_hash_of_secret_key": "38e8404120bbd346e0483ff7eeb758bd655ed94f6c02e427468f0c5fdbd957f5", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "3e819dc1fbc939e49bf5935fc8ac8c36d8c16da057091442df74a76fc3125fa0", - "shared_secret": "bec215c6bb33e83574319c839db1ca6793931d35a7239bf4ad3c4a493fe5c5ea" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "500dd7b94b28b5b650d90962962bb9a3ae96e70d35723217f3f178cbe5659051", - "sha3_256_hash_of_secret_key": "5930b10cb88d66ad1ec117d2b134f921fe4ec980ed9c351951d47d33510585bf", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "cb20903e6ba3a41f594cd09056c0a7af4dea86039677761e88dd6818db0d0e88", - "shared_secret": "18a505a0543800a93ab6e2fc1d866e22337fc8387d32541008ff82a73ce7dd31" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "3c4467b507971523509bf97d2bdd733ad9eb94f312e4226d036e8fe827a20533", - "sha3_256_hash_of_secret_key": "76e696d5d7ebb4e2035507601f66f38d74db35d3c76b3622678a2c65ec7b0f69", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "df6a835ca5253cb64d669990a60fe03b44a4a2229beade86a2f3f2381d33f09b", - "shared_secret": "f155d993eadba79e6c2376daeb7f935d39286b10615ab42c5803d43f15960a66" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "69ffbf2275f12c29cbb69f90a8c881721ce39b49dbba550ab93a2c4c94bfc669", - "sha3_256_hash_of_secret_key": "76d6db646c55687ff9eeb3f359093a7105a7ef711bd60a4ef7f1a1bbd70ea24a", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "677fe79386a26743faa6fa1c79576e3f898da432af70e1f45a73b582b4c976b9", - "shared_secret": "4cc8728603d51b14fca46ebaf01e6b6347ee9c71d192591ee857c206d131886d" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "41bbd3f5c241a6d65b510dee6662e2a8f35757b0403dcd375e7a15991a7873c2", - "sha3_256_hash_of_secret_key": "256673d5b2a0225515bee64da0105c167d031405098819b6992d01c3cc711bdd", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "9306db283ad2a844ad6d266ff6c7bd8e9b4ffddef78d656c9bd06d52cdc52c74", - "shared_secret": "fe5dab115160a7200005216d7e6e7dd8527f9c2eec34f60c6710ee21f7f91730" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "290261ff6a1d2fabc75feab002d16cdc44bdbdd0967c728ebef0e9814c60b5e5", - "sha3_256_hash_of_secret_key": "beb5d2dc34b1dba8c87e4ca2659ed8ebec2d93be0e2d78285efeb9fd998f5805", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "7f94b2d97c0821593745e9b5301a66a81b75e71b15c8c21558c8b8b077d7af5b", - "shared_secret": "ba33ea19873105ed9690d40426b2cd24073c822eb86120a4fe8617b5201f9494" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "7ffefda144195d79e581c91cdf0247f4346e811f890f54f25226b4ab835871a4", - "sha3_256_hash_of_secret_key": "7b85555898660cb43a060e367d9a97112b48e3b8f99d437161cf6ba44b5c6922", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "310c7f22a80995c6e375122f1395604faf5f72fb9fd6819597aba8f370327647", - "shared_secret": "2baf80269b225c66a8c35c6f835f15bd6949ae2814cd8c405a0aed313a637701" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "13dd780ec5347c512cfabf4c2e6a44cb2b17993c7c746f93c1400a5db9f12511", - "sha3_256_hash_of_secret_key": "7732b2a074d1c0aa93106ca84711edcb7b8a369f3873cf89fbcebf0d32176f1c", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b0003e684b9ce6f284d9a746cb806442e5443430bed95f2e8ad7ee824fb3db2e", - "shared_secret": "07318e8edf0ca8f30f49fa906ec814e40ec52922f2c0ace243386ef2bf650000" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d5acaf411ccb64500879102d9cdf6d9fcad673d874a4153383806fe174b2fc1e", - "sha3_256_hash_of_secret_key": "e5c3fdb9d8e92c42ad48684f0fe13aece244d116f8a6d09a764aaa090b3375f2", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "9ada65c57d8292e9a999ac102ef855d5da932a54f80f3d976fe1ca834eee5964", - "shared_secret": "38b5d71f3a64feb2cd41d6b7a4ac5440707770dc4c472c3ed141165fb7e8818f" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "152641a683dd690d4ac3edf0261200cd9244ae7dab962eca2f3d22a554d0802e", - "sha3_256_hash_of_secret_key": "7afdb84b3806783db52ef1f5f0ff89ccdb051704cfd19eec3e2f0830c3b27550", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "499ffb9a28fcc692e7d61df4696b538f1bbb205ff82d604512220a9e19d87254", - "shared_secret": "368a5e417f4fc728f5080e8fe206ca7558909f6537f1012a58b2d9d45b7c6a8e" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "9cc95efe512c84010ccd7118a92522cead44cff28d6e223f76702a47694c8f05", - "sha3_256_hash_of_secret_key": "d9a18ebc4b027c9590d0e4eeed88705aaf5d166cc016cf6e0baa07f678f1f0d1", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "d202a577a7acba1801e03c446279da6dce6f262a6b1bf06d3c15283bf69fca47", - "shared_secret": "7d36e561b501a687939aa880285d32cd6d8b66e2e65b2a076d5aa516cb5b2e6c" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "8b12f00bf09aec2b492cf53686beb31c558d0493cc7b2b9a9dc7265fa9edb685", - "sha3_256_hash_of_secret_key": "9979de3ecfacdc04e1229773f36d7b4bdfd731ea0f1fc2f9d56ee1d07e9bb075", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "53f97fd2a138ceae2b327344c4947cbee6d6563a48d9bc5d8373c4bac5233a5c", - "shared_secret": "6be99cc08c8bf10372f7d5c27bc3ecd17ade8afb967aad41a1b33c0ff848a1be" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "3c98fa4af17fd014a60d11ca5e929e4fa2524f7db289ce0947ad90657990c153", - "sha3_256_hash_of_secret_key": "2c370afe3301b0481b50ae72e21cbb1be37d2877cd802a1d40e05d9b4e6be502", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "c134910358575ee3e211603b58b3d6085cebcb91f32a355ff437fe87ee812e3e", - "shared_secret": "f6fec6f62257d9a7041f119fff60f734c928e945fe131bf70338f273c0614ae9" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "091210fb4f6fac00a24167d9bd2761e601db0a3734e3c835d1e9c5865b1e379c", - "sha3_256_hash_of_secret_key": "fb4bf08e0cd8d2f31969f75b420578f8d6dcd845824e427a6261931f1e1b820f", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6076283588ebdb4630d85b2dc6dce53492e11dc8c9445597ec57042bf1e59634", - "shared_secret": "9c56f6d91af6741ac13f241f8c960433c0ed4adcc86130877ecc1dbc10573bc5" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "6c206507b89f46c6e9cd5e78b6cc78fb3677ee609cc090cf3782c876fd5f941b", - "sha3_256_hash_of_secret_key": "c9123a2bac61c5fc4304da90862d8cb544a31da2cc8b8126ca16a71278f461e7", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e57f70dde96de9e66ce28b7d1a3014cb095a8ad00d80ae7735fd499d57e2e6f8", - "shared_secret": "021b7e80dfd1258695b61aac785b0134ed6e9864d3cdf5ebd4b3ffdd9a5bbf06" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "0560200b8d070d1db2cbeedf3cb322ebbab3edb80cf474b4178633c210b2fc74", - "sha3_256_hash_of_secret_key": "a2424d9992c7e999a5b18e638a22d65e1e5d5029e5fac62a5091095897b3543c", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "b5928a28fea0e5b0321439f9df86c6f10fa6203bcdac0cc94da7f7d6764d543d", - "shared_secret": "2c876ef4c2bd6464c5e4274d5360e210ff389325c1da4bda5495294d7cd126be" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "3a2484828bce833f9262405b562bcade9ff04877838558409d2b60f1b689d137", - "sha3_256_hash_of_secret_key": "610db3251ec079ce8003a49d64ec03dd49d89e82ae9f12d26d50938f4a3992d9", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "723bebfc2e4e934fc9e35383c7f150d31d832e1516c66f8bb2effb449fefda23", - "shared_secret": "909b047e7f0fac27df2787ae406fdd66893a98d98e38a9f5b67bb5c8431a77c4" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "bb8615509158b63be5f5e51a0e690f2ad6fd0c56fa886bd85902abd52598bc81", - "sha3_256_hash_of_secret_key": "3a4a1360d366376a56362fee0aa22756122e3c40226c770797c0baa82192bfa5", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "47cead6dc9f155f4e61afb233c6a8519f016c6f2bf7b1668ed9333daac257507", - "shared_secret": "dff8310ce364ba5686b9d42a17922b8d5e9259a176e38d39687a5269455939f7" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5cf14252096e4988d8ecc4ac6d29ff09c55d666865863d03a68db523728910a8", - "sha3_256_hash_of_secret_key": "404e6febba9802464a188007c2137fc25a4c437611babc8fa8248a0e42e45357", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "84765944d4602d3fca6333b699d98e4c8c9b3bc1570d428398a29cc5a7fb96c7", - "shared_secret": "faa9833781a7a41691f236feefa0c743bc141f458ecbba98eac4a51ee1ca001c" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "345118a7b9bcc773f0ec10c3e353eb4365d2bbff3b812df4635d5c8265b5d8c5", - "sha3_256_hash_of_secret_key": "2eff0ff04aa2f95d9d2a877d2c3b4a09255fed2413da76e63506d0def33f42ff", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "602b3893213ac6168e24c7c20d22a9c9126a9f70b918df134860f394795836a6", - "shared_secret": "0f47139a8b007c4ba77c91ee885435dfcd38d38c0aa4f57fc147f08b4751aa44" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "772f50f7047714627bf76bc098e0b919145fcd8df6922ebac383e5c556738390", - "sha3_256_hash_of_secret_key": "c48cd8eced0093133d3d083baae0f69ebc3e239c373a41db9557c1a46a40d480", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "84f212f6cac0f0e7a6a27630c0c33f98063bd57243b26fa086d6a37161d75f81", - "shared_secret": "182d34d0e83216d26a9d13301fe75a3aeb15ab145433965996255120cc9a5f86" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "a9f015f625356a6bacbb5e565c70184940891589309a571b7166c2ee713b8fbb", - "sha3_256_hash_of_secret_key": "924859759e33e4100a02afca0ad0f0e631eeef3b4a70444267e921b0b6eb334d", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "935ed1ee90431bb81d67fa4c620c973f7354aa5dab63b51686501882e65a3961", - "shared_secret": "62a14f68d726235fc16e0ac57ad4ae0eb3fc029abb18567a4ee574b44924693b" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "655d6f749b0a013bec99e017f5e13bff76680a2f9386f2ac6938d7950d5fa1f9", - "sha3_256_hash_of_secret_key": "0511490e76eaba3b276ebadd300c394490589dec54468855977e96a33025e06f", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "c28eea97d0767b408e58bbadfdff091ba468c26b585f22bde6f3eeb1fc7bb631", - "shared_secret": "4ceda11055991ce1e5d910a240981e39a6a903b20ea6ae6a21d9d56d0935efa8" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "1c3c2aed0ff6944819c93f9a9fe77d14a16a385f644de118099fd4f7f57db9a0", - "sha3_256_hash_of_secret_key": "0fb711641d1830a3eb4ae1a4bc2fc610ea9a811fdc5274488dd31f9cf52ec04e", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "9fae0ef351454fb5c87cff7ed880d32dcc2f0654ab8c5a5b66b1e85d8e6feb06", - "shared_secret": "8d8257f05a4e76ad11783f7f6850c4f1c34017bf5ab47f89eae202132ada42ff" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "357d61586f671648188f070899d2eb3408158adf5e8056ef37ab6d8817cd8275", - "sha3_256_hash_of_secret_key": "b22e39d960d7079015d70fba54ae860285f3c182bd5fc8d84c255f5e0f86f800", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "388d730604d16fff83eaa4e21a540b2ed8b3138f81b4c1c4cd7bb863325344eb", - "shared_secret": "08a60196adf66426b4e7b90be90160e196944d012cc34a524e1e73ca125ba407" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "ef07b1f4886b895a3246241ddc084379eeb0f0ed84bdcd318fe72c9b546413be", - "sha3_256_hash_of_secret_key": "132633e3d33bcbc61ff70504e34bb033c92db5086bd924eab4ecbb8e4be983d5", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ea130b782f8d0167bd57d1cbead18c1a5a65ac27681847b85d8e09030dee8738", - "shared_secret": "13f3b79bb1e5d20ed95c7165a610e122b5de6cb02444cc66e0f1f9ec44c27485" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "1a2d9ea0d2280249d9d756975c6979a8770bf4b5f6addbd76d045a816bc1be38", - "sha3_256_hash_of_secret_key": "23678549b4e6e050b57ed1ad078705d33fe76ac976a9f70312b9cb45be554b0c", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "254058fc10c3327f551dfa143d17dcf4dc4319419050cb5e6841a8d5cb6ce9cb", - "shared_secret": "fcf4227a487e719499f86e44ff74a5339870e4238c20731e0c85f00229f2a1b4" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "a57b333a2f41fda2ea72ea11d8bd642d911f6afe90e60492ebeefdc17a932192", - "sha3_256_hash_of_secret_key": "b59171816497ec0c34b963be3ef6366eb051cdebdb145fe445e16b72aa37356f", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "4bb877beb1b9dbe916e61f9d6d7442deb7483128b6db494a0724e081be74ded6", - "shared_secret": "3f8cf35d0ba76d75dec611e5fb059db5197862b7e5cc6b116a730734932441f3" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "d3cd2febe168b1ddf776b954e96085a7d475e3c8cbde68f7c80ffc9fa46b0d43", - "sha3_256_hash_of_secret_key": "b41a159ad0a89e7a771ef11e68efc9d79e6add05b261d0e40620a6b667a6c6bd", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "62de1efed6f92fc50d8fdef1ff217cb04faf53196e5af3a7507cb6ea5f822e2d", - "shared_secret": "d48544c1ac452c0b821e080e02c9c83e95252fb033617ce270f58e2974679fc6" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "9499c1b006a0ec2c299c41c3f728c3bb7848957fb2bbbcd05b65233b89a2b1b1", - "sha3_256_hash_of_secret_key": "bdf5c3beb39ae62a6e29e858962c322fe525a307a163d68f765779b7848bec3f", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "3a0a1742b1e27f14001e3457a00748f232f550687a232fa409c2098f97e72bb5", - "shared_secret": "6b8f4cbb3c4fda3c067d7ba48bf24e24258ca7e26bfaf918b784d01ae74ec57c" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "aa14ea531df0a7f93225de1c75ace0d2692bc750b1b538cfd0d860ae9c5a8c13", - "sha3_256_hash_of_secret_key": "155cff081ef58459a00ae63a6ee0ed2698bdbd99c67b4c9dd09f8b0fc3de0120", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "8753aea7979a0d3f7aa35b9fab1b320d1b0965899bd51bfc8c1f6de79ff7d92f", - "shared_secret": "aa9878a81dd8165350b880c4af6a2adb9e50a48b9e0709f069c02184d3785181" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "e0013ff7eb7b8266ee94659f3372f5981ce1d87584cb1f0e80da2c0c95c16b4e", - "sha3_256_hash_of_secret_key": "7eece78f3f97759d0cfc8a69481271a425c56e540704b2fdaab8b2d920d19e21", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "777253af58f65c8a85f3feca46f8d32eb5d3d5d0664ea59cfdf47b89be9f005d", - "shared_secret": "5a23296c84df3d660e7c2a973c4e6bddad3fd814e158028ff92b234cffb1afa4" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "b503f8ec36d39fc7b4b8ada1cbb933b9db9ee118bf081ed75dd5dba7590f6c8c", - "sha3_256_hash_of_secret_key": "65d28565658fe991b77136b89255ec2d1cf65368e06f2b30bcedab87ffe39550", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "a7302707d52fc49f3e3637a742826bc8c8267e89c1fdf95b2ab7a0d8f1003c8f", - "shared_secret": "d790ec546719fb05125841bda9dd361e162ca4241e2b489a0f948b612309b649" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "03341657b159925cedc8967872a45a3c1f0122979af87a878a2019b3f17c8ba6", - "sha3_256_hash_of_secret_key": "6bb236b9c7a818f9edec1e5da339755dcb7ca1b663a5a208c38c75e7ad7dc12d", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "9a9301ca946909c3ee5d2171bc36322179ab4bfa825ffc0b826517accbc78298", - "shared_secret": "10086d1a59c41f84a089c239fcd8f8eea3b22c7796f9c1f9b1867b709cb77704" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "60c001172c4734a620c248654c58f1c10135657083de776116a6acf8a55f3610", - "sha3_256_hash_of_secret_key": "b10663e90392d6387c16dcad565bbe1fbc05f32495cf9878706bd0d61d289147", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "e4b3ce9e19c204a884f8a5adbe41acca97a22f1f5f2a13f1185021a8a36a131f", - "shared_secret": "82ad68065774eabcd6e78c027286ca7c7120987c4984e56f52abeb1ccc7a273b" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "647a136f20b22c63afd2b88d14fe7677cf5c2b78223a587068377021f6edfe9b", - "sha3_256_hash_of_secret_key": "e70be83a7585618e7b91bc9930a581625e2441962c823a27eda9f6dfff8528ee", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "6287ca7c4d1eb3afb6ecfc456a4ca9ef5776177dbd5115165424c66e2db061d8", - "shared_secret": "2d56c88020d399532bada6516f9a1acc28a565cf252bafd40043879bcd6de1cd" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "1cde599b2dfc69d59036434cc0423337513fb9506452bd8f42bb82661ad0065a", - "sha3_256_hash_of_secret_key": "aa80a266176a7ef8fb22fe21fcf3d3762cfc36734d8b6db3c6e1d4df1eecc1a3", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "31c85544389bc3163e6893d9298d947a6cd189b045eadf8dcc265e4b5c750fcf", - "shared_secret": "44052d0cc62801e0d9717c65ddcb560246cd901f104b4252eeaef903f7c26af2" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "2a50c7a070b3dc7e107eb1e8b96d62305c13327d729bf9d97c69f1fe6eed2b52", - "sha3_256_hash_of_secret_key": "6df052019662b83b16b4da0a85b17f2fe56ad269b294438c8ad298d2e2269d2f", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "c485c6e392c29c231c9eb04861fefff1fc27544443ebb316c74f9d4d7d9be68c", - "shared_secret": "2e95f47543ff640e6384d65cede004c4fc47e9e2f05649e694c18c7faf975987" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "5f166082ad3ab0c739cbf0a6bbe2707741d9b5f53a0e16199280a2376c9e5a17", - "sha3_256_hash_of_secret_key": "391b71e679b9a0a23a1aeba042ec7df439fa0a18c6442dbfe2bbe05d4fdb5fd6", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "499c37f74e94c6c724e218f339b8d60ab65190e0a56e39a6b4cf619db98bb57d", - "shared_secret": "42f1442e384b4e747794c944f4df154cde33cdff32bf35c2c5234919762030ca" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "40b3a72c164432e6ca838693ef25b30013e5cf56c1e6142828107a10cabdd169", - "sha3_256_hash_of_secret_key": "6f970259ae97422f8698120bfa8e53f4f89589773243db6e7a1859c94181a3f6", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "55e508c96b8b7c06cc9a88b4c9f974abd3e2cdd96ba6f0cf330ccaa3641fbd29", - "shared_secret": "a50a07f6b01ee4429848806031637c8ef8da23f253874124452e3771ef98b6e0" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "f475da2ec982c47d91b24bb5ec6c51910530eec26f38541b173b38927d23c568", - "sha3_256_hash_of_secret_key": "f8c836ce8a42d6d07f1ff40e2dbf16d264bb6ecd1cc0227ebf792a6bacd327ec", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "d63a88547104683878df29e59de826821fa3a95bdd668e5e838e08a671d887ee", - "shared_secret": "c299f650b03170f5cdef5da81e52c2a094b11aaf58426e8c41e06a26c7d5ccc1" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "2b22f73a770cbdb80da84f97f27a14c5df5b3372d52503d3a20c3cb2bea8b404", - "sha3_256_hash_of_secret_key": "a111bb1797a3baeecc223e4fc4accf093d2e069cfd40d45346d2aefc09acb358", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "e9c030db90931ef3d2a61077dc33529aad87535e809d1a255fb5b5925f202893", - "shared_secret": "5e1ac468279cfe354c4d0df6ead070071b19c9707338158ff7dc133684afe2ba" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "3d8fe8354d81146fd65af657da08926bd3a6ecbc2f81cb58d1aaacfe5b6e686f", - "sha3_256_hash_of_secret_key": "d1c524a715b2d05abc8e8729204b620f4551815cdeb00662b487d58e99c0ac7e", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "c256150127c8119ae42a62b90ac9a7119a3faa5442f058bbe5844d29c99c4eee", - "shared_secret": "7841501410e4158cf04f92b9d65d0cec732984ea66809130aeb594156829dd39" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "36fc15e2340175a2a64ca1cf31a4b38ed5f797aaa8acb0c3d2ed9c19c7099f27", - "sha3_256_hash_of_secret_key": "0741ce5533316ef689bd966721b1ee57a272d5eb557dfa6fab6de770a2e7afa0", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "0c6a7cce80da6e6a3c17b46959124b8c26a8a74b5068f707f582cb5b811e282e", - "shared_secret": "6b3fe0dd082bf384c3e08497d380516e78ca778de627c112d02dc8c393334d11" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "26a1b77ae8a807e9de16a9ede5da5aec3ca5f23f5ea00e455d4a091467e6ac6d", - "sha3_256_hash_of_secret_key": "2bb0f5318208eba32bfba206dfe174f976431dc12421bc7b3705fc7c0b4a06cd", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "ba2e94ce526ee4bdcd818855708af8173acac373696df4f910720fb296bc1076", - "shared_secret": "cb15c306ba8d5f4f8b723db93bfbcfd4fa02ef32ed8e39c2aeb706a463d9a40f" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "2460170e6cf1da1e7b92037f51b4e7674d9abf74f5c225c5c6ce16a971691284", - "sha3_256_hash_of_secret_key": "a364a1f435a2d2a341b59a1886af0d0f3580e56306869bbab819de741ac9f642", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "ff21fac2cb15307ebb70ec04904f636bfac9ba968e86984b4a55dcac70430c1e", - "shared_secret": "8dc8bc55a907bcbad27aafbba2cbd957c30794e3770d0984a6323b641e5fe53d" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_kats/nistkats_512.json b/kyber-crate-tests/kyber_kats/nistkats_512.json deleted file mode 100644 index 6a3125287..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_512.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "7ffad1bc8af73b7e874956b81c2a2ef0bfabe8dc93d77b2fbc9e0c64efa01e84", - "sha3_256_hash_of_secret_key": "26e1b5ea0f48b3c87d7ce87113b6a93a49d9f7ede7c5cb15b41382bd3243715a", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "a3856ee9fb112b154b397c91398576dda45391b89742603436588d81ce6d1b50", - "shared_secret": "c608777086ed9ffdf92cd4f1c999aedd0b42e5e8ef6732f4111246481e260463" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "13f0970c03d32967b06cca4cf58e87559128d14cb3f876a1ed10eadfe03fc1a9", - "sha3_256_hash_of_secret_key": "9c613d0d3313af8169e65295e8c4f21f0b5d3e78de031e78a12ec864d71b6548", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "557c682bda01552173367f40bd2b2c1ed64aae3f083c80ce2f812d0b60acfacc", - "shared_secret": "9401f92689a452b5e58c35cf06690596faa4ec0937a04493a359b59ab3b0fdee" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "083553153f7d65cd5cbe201e681245eda61e1ec2c7ee6b91a9ccdeb6b76943b7", - "sha3_256_hash_of_secret_key": "b4148d4bba0430ddca173618456704ddf440b9b5bdfd61ee46bd79590dd78ff3", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "7b7b882320575a3cfa5f0ca2165ed39383921da042f7bce896896fa90fef2aef", - "shared_secret": "f2c689c7a8180baf27a4573d3e6154d4f2bff7b3f34d44576e777e2ac1249e8c" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "9df5746a44b10c1886f62b068d18152a85792781160e1a1a19a25b5ca00555f4", - "sha3_256_hash_of_secret_key": "75a93307372e001d4fb028125dad61c4412ac864bf7eac7a213ad3dca6599981", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "72782e8ee6fe4e4442723e727b5d415f66fda7c363fe6dc7be22d9b8741852f2", - "shared_secret": "1dac4f6f8d96ffd931f67b03cee8c4e4bcb42eb8bbda5cb702dadde8340d1524" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "9415ce164fadececacd75fdad3284af20c52fa576699029d6e0ce77bf347d520", - "sha3_256_hash_of_secret_key": "97f1f85233dba2a50848add15f8f0e60f4ccf3542dc6da5f59e06f6b27c59c67", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "80f49e8f6f8d442a7678f2c33881a5264b58a5998b7d9a8e10b2febf59ba868d", - "shared_secret": "01adaecc8cd981e7f00187622defc0cbb8934464ca4675d86bc7d9b69148c85f" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "ca2232297ba8b986dacd401896cb6239f557720d91a2cfb7a73274bac7a0f6de", - "sha3_256_hash_of_secret_key": "17446e8436a68423ba4e22a57135d470c7e91fbe0a4da065bdc34897fda89b2f", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "a08cfd7a6374d902e153b862449efdee9f912234f3e7a7d2697ebf1909f59dfc", - "shared_secret": "6f13bdb1452d9e672c8fedaf9450c436e5fa77e8d58ce83300b8e539f20e9dfa" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "34486689b387ba25dd0e9aedbc53034924ea4ef9497b5772f10ca4d091e9e846", - "sha3_256_hash_of_secret_key": "94419fc5d865a97586b71a3414721f04473d4d30e5a8d6a1c438752f19504209", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "6b930dced8da8c0353569fe807e383e2d04836680fb78881ffc6974802131eca", - "shared_secret": "c81a637f63a802a5d2b336dd960175176b2b838ffb6de5adc501bef984fed26d" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "39d1850f7acb36ed2a35e9af6f94a06c31afadaae3545a069f892ecd8929f766", - "sha3_256_hash_of_secret_key": "98a2ef35596f2fbc7e462d5ee536f30d8bc3a5272d78cb14c0ce816fbb180396", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "2d277dbc8b03bbec796e778c74b4c3f408f3e47835398039236d7cd861762a9f", - "shared_secret": "3031994f1365446186b4a4d6190ac89f928f6706d08c6316d6f522cd7605adfd" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "edc8db1ca35744a75ca14516abe07472d0d1b723f70ca8cf0e5c9341fd2e8c26", - "sha3_256_hash_of_secret_key": "fa6de16f50b0c04b8be10d3262005227715f69de5089f0f6bafc1fe26603e525", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "c20e526b8837092f1847b40f9b5fda528dfb72780aceb510635b490acb5f7686", - "shared_secret": "61419eeacf26714b028d2f7e1e3769ae2f181a7e9311f3312911ead00486bcd5" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "b1eef6e8c88ff8da9cc4a9b01d4c08b6b585beb5bb9e084c6c47a717b51feea3", - "sha3_256_hash_of_secret_key": "bce9d6b2e45918ea5798910aa9baf289b04d8a5bcfa7e08235dccfc8b9479f55", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "811bf647ebaad03c81a84c6a82b4cab108267b1e9c1add3dff1803623471f9bc", - "shared_secret": "3871c9637cbea04a2ccd3b62c9399b0a7277a31caba8a8f015d59b0fed845bb1" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "f581c2fec9055830b38cb68fb506aa927443b1afd1b2b6faa6f92a325985c6ce", - "sha3_256_hash_of_secret_key": "9567f27ef67c3ada92a02cf25d8ee4a6db69744d3f6de5a0026dac023d04f37c", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "c855f0a4521640b9136035b5d02770dbe864b85a6f54f422ccf2b512e1c07b33", - "shared_secret": "3775b12681d854b7ff2eec05cd4ac2db91bf06f3c14db2eb35287129a960ab03" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "f12f3ecad62bd327f1c44ae86c0be6e7f15112b7f6f6d5ec7b13f4dfab718965", - "sha3_256_hash_of_secret_key": "32a666c02a41f7b9408c570a3304a80e947a1be650f5f164e376b8b34b72254b", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "632b389d951d4a4e570d2fee62dd87c3aa2cf0c036dc63462f3ee7e4543ef8b7", - "shared_secret": "87662dcdee8b176e2dc60d079be188f63501274bde0829f3595c99d1e564c2d0" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "4cae8b58e0434fb1475312355a8b40145043bed4b269aaddd654d2e562324bc7", - "sha3_256_hash_of_secret_key": "53793d47a6e9e527f109b7611f33063dbe0b8a1423ac02178934f59c3d47ddb2", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "6f88eea1ec597548ec3c0d22c60a92ac4b0c3e17e332983d01a0bdda1157ecf6", - "shared_secret": "c5676cf0cc81871d677bd7f5982e6493aa3ea4dffbb30dbaf59e90e4977d2f12" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "b899475c1802b1dd76a9783d93b4225dc558eea558ddc598cdc45a898b7bbfb3", - "sha3_256_hash_of_secret_key": "278b448b48a14a9be1ed211228cfab37d07e5f1e502478e3ad059c83a7c83894", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "36f6daad6b98df3f8e26456d06f112ca69231333e4ebd86e04fe7b8fd8c1bf26", - "shared_secret": "c5b03a417c10715a53f3a1efc044a81e266b40a1b16c87aa1f754146ac39b80e" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "1a7e0760c345cb5875303e20e4c72076c794e56ab75231750a190b45f374d979", - "sha3_256_hash_of_secret_key": "eb53a36a9f50baac64b4c7bcb97fecae54d3f66b8311b5a67c5daaefaa63f209", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "1b4728ec7c6e90ad99dbee3b83438050df88887de2e6d7a6ec55e7a2f7f1bbc3", - "shared_secret": "38daf9348e4d89149e4968131370ce3d38a4028727fb85d27f87a95b341340fd" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "0f96fb9e146a1c22cc5d23e9108af0dc5e13b7810b8f5598bbd5f8d4b54c8af7", - "sha3_256_hash_of_secret_key": "d494ee913886be1398be54856ebc83eb8cd7aab4268b976583be2e097edc2d64", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "3934a38f7c11d237b46c9d93a8ab8d3dfc76b3e020b5cfcd0344eae35a333e45", - "shared_secret": "60bc23845c0b116208c0ea02849cea3d8025a7220337c617c4bd304aedcdc1af" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "0bb63b48b8cdd1c7242bd4f017c519b43502656e23817bfd683150488f8b0b44", - "sha3_256_hash_of_secret_key": "195207c9e44942d5cfbf338fb9f20317d3ae8be85dac5f10dd60abd802a3caa9", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "ddcc4d878447ee699abdb85f1463b113784be6d4e42c46379b31c02715243f17", - "shared_secret": "2eb03b010e291fca1bb6ed09d22d50b9c7bec93c556f1f273e57048c9c56bb3c" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2d19bf7937eeab0d2a7570d43cf965547542a519be85bdd4921f7d710747ec6f", - "sha3_256_hash_of_secret_key": "cd59ca5c7954d87bc8d025683563aab0f9272d6c12cc03914220aa6ee392e6b3", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "86184bc66edef41a25ca3350698277f4e49713b821fd0745d276fe490ac636d9", - "shared_secret": "be892649db60b2ce07ef18c4a709714933542ab94ee3250cea6e7c6f5eee5d5f" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "6907e1096410ab332e10f37c93d86d9b4657159eac1faffcd1688d182d127844", - "sha3_256_hash_of_secret_key": "250d27ac4dc4447520c4c1193ac57d239857ecbeac2b1009dc08dca2114299ed", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "51c6ca6d7536a183416b16b1716cecd3d994dba4b5ba019bced87bb51f9cef0a", - "shared_secret": "75556d5854c44805ca5c4bb927c837ff635feaae939220592d89caf74592a0be" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "379c9176059f3a7ddfe021041301bcebbc91e997a0d5bf2ed1d9d125a7129834", - "sha3_256_hash_of_secret_key": "57df17dd8b9b1411af66d82f61dd61c4f5235f48d503c164ad0da02a598a69b2", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "a5773e0569d9e26225b05bd61591d1722c4c1396789ce3156ef749c115949ace", - "shared_secret": "469d60c303b10f517a932d9fc090e61802003e9cba3630224f2c43a4727230e1" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "f5515b23187af5dac6d1d090bc7bc01df34ec781561e3d3b8b62164f74946802", - "sha3_256_hash_of_secret_key": "2ab40ea093450e534152efb278b45038f1f2cccf13a654f1c5c27b8c389f6129", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "d1b469613c872181c4428440cec1ccf87b82303e4979de6eddd437decd8afecd", - "shared_secret": "b545dc066355b91cef05e65107fa11070c455209c55573cc549cd053c8e4155a" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "9dc0d69094efe63d751e6f9c1e92d2107a7b45fabb820222d30b11595c351643", - "sha3_256_hash_of_secret_key": "00f4a04ab804f2fa3ed80a0fa4530fd45ebff8afadf5f5b7d46a672c690ac3ac", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "774abc2c6dc9570eb781a39f79f49f2cc6870a43e8812559d89d1c59bb1aa5ef", - "shared_secret": "2c42bc4a172c928bc6ec7480785d63f7281a9e5acfd3f94335d6d7fe5fb9c5d4" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "16829a8aa9f8c4e949d4e6388448c2c4ec6a977f8c5fb80bd75d93a723bc9bbe", - "sha3_256_hash_of_secret_key": "659cb66f989532fdf5a741fd03862fb142a05a0fb43ae20bffc5116de1a66d57", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "ff53eb11ffac30f45bc8327d7e7d518f1c2d71bae0052ce8e15903c8d14978e7", - "shared_secret": "230a69c53e2192eed6c9b876d6b228fb666b19448e0a2ef8601910d624bc173f" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "90fe22b38a4fafc045cdbe0c9689745fb45760cb2f0f94f7d13cf8c834c4df3c", - "sha3_256_hash_of_secret_key": "10a89c990c7676890a65e1c776cf892ef1431d56fc115ef3115c0b8f91db0690", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "3d1fa5720670ea284567d32beaca2e56853f7b6268e32af381034f13e4cd4853", - "shared_secret": "327c548d7df90d813f3b3c92e908c4c55fe4c7277f91b6fa2271c0f149dfb273" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "c277a9588d9a781ddff6aa9ea8d259e5599d0adaba2f459598ebd5bc72786023", - "sha3_256_hash_of_secret_key": "40609cf26d205ce694ca8baa097bc1342d2462a26678eab90893da147e389d3e", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "bd274d905deacefc3d90a9ed76d59af4e814cfc06c118ec17662afa4f6b4fdd6", - "shared_secret": "0d95796efa11ef2b4f05d0cd9e1d8db26f3e5839fbba7cd84e00d468decc088c" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "d3c8cc315c4054d09deac08c6d5d364fd5d47a3c09041bee42c561f978e2d98f", - "sha3_256_hash_of_secret_key": "3e1b23ca9dc111c4a3cb0a585c7f4e5d1f27a71533eaa5347e285c7c35e81990", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "c866f33265de001b3308ec41682803d46dc61d423d61565aa5ab2f1367c93e3d", - "shared_secret": "cc047c6cad36dd056b84e6b9a4fb6b1b349d593e104ba94a67b107b291ca4633" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "dd1a07043fa0c6452500249601f25de742ab44213e2718cf0ddc5ff6a2a9aa6a", - "sha3_256_hash_of_secret_key": "2cfeaf5c1b4195f0374256027d3a888e9a093de8ff9181296d5b1b94048de38a", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6dad2899c49ef32329180b6b8749c28a24e070fe989027061dea25f0b05490b3", - "shared_secret": "2faf2dd50be618b025cd2b53365221f5258e175e4a445cf053c66b3d3a998c8a" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "f2a8cad42c743eb61aa338049ce917616899c803358541de1e58cbbdcf3c6328", - "sha3_256_hash_of_secret_key": "7a9ebb792c7193ffefe6e4760ebd0dec6f67c3f3b0fddb5abb4b7e931ee827e6", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "125f7da90bdf4bbeecc54e47e065b221a6ce42d0569530c136ce2c9415b17e79", - "shared_secret": "cd890d2eee7f747441ca9448c7192bcc274e8b0c3c80005cb6fdb4691186d85d" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "3394e8401245fd6348bfa697f6990b6671577ec7b35a45b0101730a801942643", - "sha3_256_hash_of_secret_key": "3ecbb219e90e2250ad5ba87f53975439cacc030c3e1641b87ba8c5b3d89a4aba", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "6cd30cb202554c18809da0819ced4cfe83021874fa9c48c3374b7544e3256f5b", - "shared_secret": "e7942359dfb015d5022b790b5e777a93a5963260ae352567d3fb7e27b2ef0bab" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "ec9c0d68c84cf3804f14e8daffdd1e28c28d3d55ee782c98c498b0d9bd4ebb23", - "sha3_256_hash_of_secret_key": "24a2b3c3efd979a1406e92d5c504d5004079965b5fd0492469f1b4250f7023ff", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2c6cfb957639661086b02d9a312e7483150fae87d84f21f56e48850af7e3b62", - "shared_secret": "5d7b6ecaadbae69fbaa9e004634ea609df6ec80801bbe73671f4e52169cc9683" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "a9d7d5a52aa2dc226832f6e4603322f60b1dc21207e3360712f9c6445d37e64d", - "sha3_256_hash_of_secret_key": "2e5342a1c2f58a48e044a26673799c63f88656f6d350a0d7e57bbf8811b2a5e9", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "b79a2fbd2e63aa66a526fbb42440224fad7ce91206df3684d1deb4a3e57bfafa", - "shared_secret": "547666f6c72c97a8f06fbd7cda4279165dc82489aba2119416e0dc46795bc464" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "fa7ba132b5dfa2e3ce67b64bc72d551f3290d428cfbd45ec026f44c8dc28334d", - "sha3_256_hash_of_secret_key": "34306d06720216257691fc65054ed32decd609312f5c5f061e7763ae73fe0aba", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "acd7944297fc3b0d2daa3b0cbc999a43de7e9f948d39b9c6a4746873e285f8a8", - "shared_secret": "88c80381cde3db2c1d40aedf8cf923b79b18cf76efe0e46edc3e25e17c7cd8c6" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "29f8a01ba71d04d6831c03d1ff294fb58ef6f4041772cc071074829c32a3ac9d", - "sha3_256_hash_of_secret_key": "95f9b4063bf05f89ca9f99e393b11c0f2105eafe40abb313f345b58e10519955", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "096f7946c01dc61a13dac8b85d9c377f9c86aaf8ddc02163a74169854046a1b0", - "shared_secret": "ccda9f28bb09dc0017a1df8e1796a3489c66afd2c3898a39027c843cf022b790" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "357376de9843d74252466888727f9dc1ef48d028c0f52c902aa0dfc3de374c83", - "sha3_256_hash_of_secret_key": "b8d675ce213c73f9792f328448850047f4410fc500212939ab2e234b619c9104", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "a0810d28d2dec44499bc47d48ae22984c17728547c3ff0cc859702d2a6962f88", - "shared_secret": "caea7e78e6f80e126a9f41ddc0ae5946a80cdf617635934b22c9097c5090ce59" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "30382cb59feee1b6b0fc129fecb8c74034da92987249bc20cc8ad4a2cfc1bfe0", - "sha3_256_hash_of_secret_key": "2600203271549828d0979adea52e2e976b7d9f85bfa6931d6c79e14137fad51c", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "4d20b7665cdea726a3240782143beb60585d4ae39bf18f4ab5343d4f44c7acd6", - "shared_secret": "431bba421ea89647d815a16f440d47f1604b67d9a2d33f2dcd21dae7e65bd5ce" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "f4e474fd64a6d945e85eb4ee7509cc99fd4054de99f819fdbbb05c54ca6e36da", - "sha3_256_hash_of_secret_key": "d8a3a0edc73fee057281add9e7cb328566fb22c5082978c69088d76e98ffff90", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "0f18bede2f42d6fdf32dcd2cf8937ee8d2909eef0aaca8586c3892d608712a98", - "shared_secret": "cc0a7809cf6787a4587e090249709f694b709ec8475a42b4705bd1ba312c098e" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "50688de263a82386f39a7b82592247bf5499f1836a3a941413c75f6331ce4031", - "sha3_256_hash_of_secret_key": "ff207007724ca5d696ba44cb106f525858111d55323c9fc0fb98d64d4f8de8d8", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "9dcc43fabf94918ed4f7936960d8c732deb2209090d1303d62d5ba591b51a142", - "shared_secret": "cf21da86b3e09c38ce5799637b1492a1a268dbf0ac716499c68bac11a774f41c" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "1a29c0f2dc4089a85db6865ec90faf2f4ddd25f210eb56e49741866bbca8cf81", - "sha3_256_hash_of_secret_key": "477dbc28e4f21587f274e7a3b673f743840da1501c35f0e9ceb8972970de6f86", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "877f477beda55ed2a7c34408c04b4a90596b4d94ac1830bc04a0ac9b73761ffe", - "shared_secret": "b56f557eb758ae10d22b5d65847cd811475b96f5a46b0ed3bc2f1b9b371fef0f" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "3fffc419d3d8a887ff789eb661b2af1ee5b32a302ca267b33eac2ea7e3340b97", - "sha3_256_hash_of_secret_key": "0f42068d2885e1a44b2ce4042675118f4fa35f58c1206b965b57ccb52c4f25f8", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "d8f7b4a0047c18a84ed13e3057e240cb578cdd2ac1e57dbbd6253eca9208d6df", - "shared_secret": "aec1264f12ddd2ee8e51b71d703ca5c2718dbd79858240635f9b076c749a5ffb" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f1de70b1072881eb659a5e890a92c9313c7378d2e960a060b9c918260d4c2458", - "sha3_256_hash_of_secret_key": "ecd9d757d80352b4fb51c71976d7b2ddeb927052f9f7a7cc61fa67662d4dc86f", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "10b2b1dfe168aace0dce3776456c2e2605f99fdeaadfa3ff5e7a81f6bafcb76d", - "shared_secret": "6514a3b97760070116c64014c5695df60d0345b29ada92fe24b672586f5bf06e" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "b0c77b5407577a9a9cd8864efb80974aae107fa2801b6ccaf341d5456a86621f", - "sha3_256_hash_of_secret_key": "0feade68babcf09673bf843c59379520c19081f2bc33940a8dfcee07832ec66d", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "b204aa70efa18e31a11b6b92e6c7dab4b2f4766ec5d302a0e93e4feb05fe4843", - "shared_secret": "52344e5e173fc6088c9dc555cc90d8e5de19bdfa0d657ad8de1a3c24ea679bb3" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "255d2e2fe01c87cf70bc30703644fc255f83fb47cc5cc5ae2c0e49d6198cae03", - "sha3_256_hash_of_secret_key": "1b1050f38bdb785ed43daa264b60c7946d93f135c65e93c95c39fd1f2d7b5311", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "55165f35498250256c30d0f0fba6ec57db352a6ebc05ac42eaa8982b2d48af5c", - "shared_secret": "ce80f65731c8fac072f7153bbdc425f76189d01bacee8462060c62dfeddfaf64" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "63b304a19162abdc4234e6046109f99f955695580a8b782017e107e45575bd78", - "sha3_256_hash_of_secret_key": "19aba21e57d4b3aca7209fd5cbd15f9e7cb9f6777960d9452fed866e9e9234f0", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "5eddd27af25f9553e3a5b20e4de86280c65eb689ffa7773dbb5d24640bf51248", - "shared_secret": "3b23a3cfe57897fa9cb691ee9805739f40d2bf22930ca9ee48ebb7163cd66bb0" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "3c598a48b06d7474da19ca85aff6b2b3303b5d25b96088c52a08cc7f1e87c5fd", - "sha3_256_hash_of_secret_key": "03c563426eb21d277421a30ca8980d4de86f7aedead9ab9aefb3d7362104ec50", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "244dfd0105b643caafe35fdc184b8e23c7538370d545e6f08357e83f413de258", - "shared_secret": "272ecae17c3d107a8b008f60c8844ac01e09b8bee17eb4972f5f71774af2d54c" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "9911b6283fc6dee66e16d411fe39bbc9f53c30bb54f05044b96c740ca051c61c", - "sha3_256_hash_of_secret_key": "06751acd0a50beca92428cf8c803af429068d4e5c4f74cc59e6d3275ea6da737", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "dc8797dfa40479e4edee48d320320ca4a84c55789c94c34ce4f0a4be83ae0568", - "shared_secret": "eb456d8919c7e96c4e18d7a0ae27d47996e4f94c46c60b4649b327903acdc0c0" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "e78d350d2836d1d17e6ec375a0cbe0d6b2afe1ac036272dd41f8aa769c9d0668", - "sha3_256_hash_of_secret_key": "f74b8f9343146c1551a3cf9fb3d4e88febba4e98db745f36678d854230a8d7f2", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "400cda4e51c1eb539625bbe6679fc13b009e72cd442a1385759e7090e54d31bc", - "shared_secret": "3f92ab2eb867d4e2e658917fe95b19042cd768dbbcd895e83b7bfda621fc428b" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5820c7564d087683c0a4864844335bcbd62afa1ee542c3c1dcd8b72c80824b50", - "sha3_256_hash_of_secret_key": "11212a895ad32958d25d2ad32e917bd5bfda9dfcf08e316f733b74479469f9b2", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "fad3a5efa62eabac076fd38f84e91f3c20f7b263408366c476695a9665972ddc", - "shared_secret": "5890e86b38f7fb11708a63f5e98ad65d10db5916e6669e1b0161142e6d30d017" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c56eb5880e9d9d0fe7901747f75eca1996c722ac47b76f34a4dbaaee0ef8a611", - "sha3_256_hash_of_secret_key": "8a90ed45b5910904e2e9f6a6e410d4caf024ef6436fbb75fdd179eaf09f6f362", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "16f18c8dfcb9aa496f8c6f8a76af4cf2405407e0f0467deb4adb7049595b0df6", - "shared_secret": "3b09c4579ad60b17eba6029141a6d9765e1abae72ec32f1b329a5e2af761a087" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "717823f0b58cdfacafc795aea529561d11374f02964cf635c27848671043766c", - "sha3_256_hash_of_secret_key": "f3c47ab6b2f2a0962faf49bbc31f3101d6f4b867952aa3bbee32408c1b88ee82", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fd6a149b033707358fc07243d95b0256153c30e65cbc9479ce05ad2f96204a37", - "shared_secret": "f15864351fe8e878ad66b402f012668e8bdf21525f09d5bcf4a4dad656d2e480" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "7a13afefbba39ad59c088825380398f43f1251b83b0ca9debba0102f902d7190", - "sha3_256_hash_of_secret_key": "da94e15b824e73150a408df01cf1c5e4128739524831a4c2f45d0724144010fa", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "9193450ad037d38d8e85a46a522d4f6562ef7c7aa1372a2ebbc7ecefd1286bfc", - "shared_secret": "1f1a7f0d0d86a52a6679c431c322263b185b0c90ce40db054928be438f38d47f" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "dd4cfbc29de3568663a3a044c3f897714363b0fdd3b6ee55f796292d34c7c79b", - "sha3_256_hash_of_secret_key": "6142d02fd4501c7bffac124bb8f26813009d2bfb91023a3fadea9506a40e1467", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "bb6e0249218f8bb4712d60e59f51cde2dfecfc1f828eff42f2707aa59f12164c", - "shared_secret": "aae9ca8c35deddcfd7dbaa7780fe31c102aa90cc594eb56edc782fdc4eb53b41" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "9ca90d64e28a5bbc54c36053ed333c530f72549c2afd77b10c2944fc833408fa", - "sha3_256_hash_of_secret_key": "510f84cae4d4307d7848f4c9665061657ae81526139a8b6a4076ad3df919abfb", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "36b3567939ee624d5088c4daa597c73349270a754d3c272ec3ca5e08bf896fec", - "shared_secret": "970fe36e57a253e88cc80c9da6867dd66fd8da1dc15c85a480a1a45eed708ff5" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "da073c98794493ec169c78eb75a39c1594ccfa635b8707325e0ab6cb8576e30c", - "sha3_256_hash_of_secret_key": "7829ef884941abc63f66889c3d44381f5450de1b95c6b6f79f909d74b27125a3", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "43f8a2c466c09c915fdbf0d0dc5069ae5333790e7efce86c163d360dd0fdc0cd", - "shared_secret": "8eb310431276a31c1913cfa2e2d6b0dedc8a208c7470251daebc5b1bb6ee78ec" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "c2aa254714dac09b9e712572b24154be391063afd3cd8cf4cc4ed8ef21f0cfe5", - "sha3_256_hash_of_secret_key": "2e552fd01c00cf43110aacac37d01c02e5f59c87133e3769d3b2bf0fd2e4431d", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "854806aa3266473aa5fa6097095d5f21707ab4df857d927e8848146bc4cc2bb2", - "shared_secret": "425a88aa4cbb6b6de122f1730aee536f1cdb8fc84751fc6eb2b42bcde5febcb1" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "8aaca951e0573f28d50831960a28dd11126f0eb080afc55f394e8eaf6379f6eb", - "sha3_256_hash_of_secret_key": "45592f0d94666d8201247fad4d0acdfdb4635a5e4fa85b7e25b2391639451bdf", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "035223323ac02f2a52f9c19da46b31a7e189073fd5ef5ceee6ab8dd1b062b6d7", - "shared_secret": "457efc40f2e99aa599ac1ef92f9efbfc93d17fcd793837857f6a5c91a8dd7da2" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "f15a8fc937b12ff78c54fc273fcd7dd5611e5835472ed377652ae64495f9cf52", - "sha3_256_hash_of_secret_key": "dcdb853d17884fb04396dc10d34bc84d594343ceadda564fcdfa9b4d47dd4e3b", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "a94ff1a0c62792c0e1dbe578210ba5a7f3cf8a9f9763a16362d66a3082e4753e", - "shared_secret": "99b58031465868d0617fa795e6be1c33a870a1e154a85a2bf61346f7c55f3b76" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "ef7ef8d7d81aa907fece4c1920c7ca9dda3bb9d57f09193487bb89d6422f10cb", - "sha3_256_hash_of_secret_key": "2bef3558b547044290d1232a580a6a473cfcd8d87ced6305f996d4db4f46e6af", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "0b60d83d562b66153e07bffb5bb05b7d268351377381b04f1e59201f961f1907", - "shared_secret": "387705c2ed600492a0b06f5587ae3c40be55e6d5592597e57cb8015de9e9271b" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "99b151aa6b4654589afc36b8343fcbdc09a3e5255b378d6ee5629cd8b3cfd555", - "sha3_256_hash_of_secret_key": "b7a7d95034017d523ae23e29fc400e9a0b320f9778ba1587b69dd012f2aa47bd", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "3a4ba04bec2aee99c5e4e2459f1aec52fc950ab67b61570d57a17c4f3d9031d5", - "shared_secret": "2a426534e3c23e28a237047aec83d24abcef8c7f77d85d8b27aedd7c50263010" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "339ba63f705606d8c7fbbd6e66dadbf23f532d5423802c836f2105a636e9e6da", - "sha3_256_hash_of_secret_key": "60aa684e7cbf79e9c70504608a4c0f2cf8dc207f71b1d0ef5e3a99013ee866cc", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "f5d1973f7c10d3ff7cdb66195ce52e182f40ce5b9f16ef67e31ce8632cf617e8", - "shared_secret": "ffaf18d4fdb39a4aedc80c7985843f6b87a02e36c69dcb00f3cb01a619a77779" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "1f9e26333b637ef9beb8881c63f9412b07c47a276af0e242062a54026bcee2bd", - "sha3_256_hash_of_secret_key": "f7f38ae2caba6d7e87b7bee8b127a9aecbc0b795345952d65bb4435e3720f89d", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "c42f9beac87086ca603d95377c5e539735752eee043653fbacef0d2824b91d86", - "shared_secret": "1b37c256820ae408a0005a1fe7461d54e53813e6e7ad58ca3dde46a53a44590c" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "64b9f8198bab9b3b2f2a1704cd4ddf6b3cbc216ddc0f062a72ef40115917fd21", - "sha3_256_hash_of_secret_key": "a3cf5841bedd9be95061b910333190834063e5cbcf0fd32673f8cf3f6b548d17", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "056998cb46e48667cb4bda6dfcff9321219b13fb1a682e90bfba6ca025bbe6df", - "shared_secret": "12871c83c35db351c2c0b4afe0f0ce9fe1f21fdfbe8c18a485d5c1292faa531c" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "de4ce515b882c849717a1ab34f2ac0238c868f415630c1155bcfb302d346dc91", - "sha3_256_hash_of_secret_key": "4b917d9daddcdc932fe0448063a24a592edbb0e6e40b5b53812f20a4cff7a0a3", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "e4eec4f31749692984bee94c59e2947afc769197fc18b20d2e34ec92e7d15ae1", - "shared_secret": "adf49431dcdeb29f729459cbf3c2b94151005c7b841eac921a71262d65dcff99" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "93b60f0d00c09af885b5a0cbe942fde6afc4841428104710823bdcc12319eb35", - "sha3_256_hash_of_secret_key": "953ab28bf8cf18e86b8c80efae0bb47582d720e787fd2af27d9789c1ffb7ea1c", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "ed5b2ff1ee4222029e7c0d858da6ff1a1417a74a501b80d1b5b6a4941329e892", - "shared_secret": "35e1521271e7ab9931b2c25d75f0f09a89b3f83a6bb62ceb99e8e00c5cf78afb" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "167a2fec4d72cac2ffd844246eebabdac0c074e4f984433744e31d299faa389c", - "sha3_256_hash_of_secret_key": "9afc4ddea68ca10e36d9b12d3c34595912eaafed49d8ffce01cbed09501f7527", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "a076b58fa98a7282c2cedc1e93c1473dd15b15c1ecef192955d8a813180b3217", - "shared_secret": "715519f07b29bbecfc0776e35417558e3bc50c76b8da6fd4c99391b7bc7873cf" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "955468734662471c953fa516b35b3a53053ff396b7e2798fe07a2ecd549d6c06", - "sha3_256_hash_of_secret_key": "8bbc886fcb7516e7888880921abfaa72823ace9d50cf0afc2f68c4a7c3dd2e53", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "87914dbce6a365f7335188d83f2394b0fdafc9b0676c022608401cd93d294f36", - "shared_secret": "5a4ba3737140bf227c0e618f74191b3de1c1b8e24b032036942de66a13ef5a91" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "f7310c0531060051469ffcd2f88e3200bec6c721bca1fa4c9e7bf1773d7ccb19", - "sha3_256_hash_of_secret_key": "16c976495bbd05ee6715f30a9323aa41ecc320e2e63479148ab3a51132afd7b5", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "37ff2acef57d0665358cc5ec7f489160d602d41c21cbb3332670f3cf0044fc39", - "shared_secret": "87528a4a961de06d5856004eba20a44590a1bd88318fcd1ae1dbfbfd41f152b0" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "152c13a9a4dfbade0f98e8a5136358f69c93f0722addc008952cf72e1bf350b1", - "sha3_256_hash_of_secret_key": "b93c3fb9dbddaa560dd52c6a1c37f6aeb2111e46b7b746419e3c27fa43a27211", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "b62ee0b20daf3a87406f7f8428d6dac79ad5f95c225956a564f896658ed51eee", - "shared_secret": "3652a13e36459a324958a2c45328fe4ca6163ba833400e643b0a6e51bbc594fe" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "97e5b18cff525ef46fd8a6aa6e5e4b8d953fe1e67b5771d1b99ff18e754553be", - "sha3_256_hash_of_secret_key": "55102f3a620209b46e41531919a1b6f091c86bbcc5bdcb52b18f9a070680bd66", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6d20fbb0cf418e91e295f391160df696348b3fa99542d12584c0da554b96153d", - "shared_secret": "c07d965e4a87e89e9fd5db44cdf225b20157a6842e2862ecb4f72d8aac933c2b" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "7b5c67fa6e0ff374f691540fff0b4d14d4ed8a8a8c48b14b2a35facb413a5ee6", - "sha3_256_hash_of_secret_key": "449e7b1644520512fa25ea48f468ce9f866ea08178e814f11561efd4e4aad792", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e4f728484e23e99dcd35c5d3ca6d62e3a829e60a784faec5dd9fbb2d0cfa8bd7", - "shared_secret": "a502041eee317af1e9e6f9a9c12cc98415b358ff179d4d64ba5b7463a1f33b0d" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "8e49b73bae3b0285bbe1676eb6fad2641e7354e4c0a4feb0b74bb16708b01351", - "sha3_256_hash_of_secret_key": "23a598fad0141bdf07257c662d22549343a01d75eea9c1ebcdeb4a138c6e215c", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "cb2c217f6ad9c504c9fec4750db44d2c339017542da415ad81094290006e9273", - "shared_secret": "a354e870cd600e5a5951aad3491c31a80b0545c1662f830d7f0b6d144ed3733b" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "f5de62d662f480d4ed8ba235b4aaa4bfff19edebbbfbd96e5a9b7c4e89365c3e", - "sha3_256_hash_of_secret_key": "583ad55aa14bd6a4310d3ab7aa619cf59c93906251f5721a0bf880a866517f70", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "a9f97b3e253dcb15c8ef4c5576786d967e504e8f76c0bf46e051b8f123fce22d", - "shared_secret": "cd98ddb938549cc7c4fe56cda7f3ef213f1aea49fed4fb81b940c7e894be1e54" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "ec2fc5834e128c5e1460d8cb0c35ab340d706a6c8b52070a7e41a6405fada53f", - "sha3_256_hash_of_secret_key": "954a43f78ef0b5a279c0d020c08d930cc5e83a385c09afed508f9ef6f1a27920", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "f137abde6208e2c014a5a7eb1aac7b910a21df3a7dff68dcc40cba4f34b839d1", - "shared_secret": "e0d0d574b1287716bd7e0a44feea36ec28469bd36713fa8a53b0a104f322016f" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5e7f49b87bb2319dba8d3485fe814aedb0b43173bc48f3a793554c3e8bf90c17", - "sha3_256_hash_of_secret_key": "74eb7c05fedc78406453b8f021f8a71cce4b3ad0c4d38bc8d581000a38908574", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "2018b7eddcf255f6a171af914ef44153fd60976c5c7368998a218b1d81e34e33", - "shared_secret": "bd97eac1e35a06536e713a2ca5e71e35277b948172cafef0c35e1558efb61676" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "e3f73c56254fac37209f5a59818fbaabf5abff3320b0b3ee00e20679b5728c12", - "sha3_256_hash_of_secret_key": "1e1cff1c4e09318bdc174bff8ef0817d6e7414355adf930bb35e71a7a0b95abf", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "d641fde487a3659350dc41f329e0d41741bd4389346da9270eda4f5829ce9ee3", - "shared_secret": "2ed540764a77b17c6b9608bf86d8d8703f80718044d52dc79cbc1838f91fdd7a" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "bc0a40ba03d27bbbfb91654fdcfab2dfb3e94d9607b99c1d7da1f2663bfa2598", - "sha3_256_hash_of_secret_key": "dd55c195b92ff410b9ea37577ddba0385bbf067b3053b0a678e8106c07b98c9e", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "7387b045cefcf3d2c659171ee41acf3857b9f63f1ba20c3f0832cfe41a26ef75", - "shared_secret": "1e5ba1b64fa8ad0494c96ba27e288ee2b479c24634285f8919e58e9b9c8be78b" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "e16da7f99bb7bceb75a6468a921ab9fe53aab2972ca616ee10697c204df1e350", - "sha3_256_hash_of_secret_key": "2db70f5bb4e8927fd7696a4d802817fa58c43f9b2618ed27c7584cce8acf3506", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "0159f5e60336eec1fda83aeffbee92eddfcac6f92b0fef7a4a38fb20d1a771ca", - "shared_secret": "96ba12c7f8a0d864ce1434b789c09753c2d1f7ade6a5a0e679ce2ea0b6d66c83" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "fb80edf4f67823ff4e53a8963a9c9937fa9f8e014b750e11b4c4bb1a361d6484", - "sha3_256_hash_of_secret_key": "fe67beff69ea75d4953d71c038559591b2a0349ddcdfeaf7596dcd02f57db2b9", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "6e68fe27fe416c12819fa8a48eb29351d1d74a9200c408b55294ea374046c3d3", - "shared_secret": "07dfc04ebbb7ae537b594210a9180f647d3d385d1c1bb56abb8174111eb246df" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "d9f630c3838eb161374710d9f01bc70d4ef928fcb1c38bed93e30f3633a05e01", - "sha3_256_hash_of_secret_key": "ca4a4ab954c3a4c8b960fdfb7dd7cf5e8d103f7936f31e720e5043010926829f", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "3b6a1f5d06cd55c98ce6f4dc5b17fce8cb05b33b1d89b618a027e4478d8b5e69", - "shared_secret": "81fdb9267988ad39ab57e2fc8d4c280e0000dac3471b0936083aec68b49fd92b" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "5c27fa929adc826f98fbf0a7fdce33c8f215b34e70450da0767240741894ffa4", - "sha3_256_hash_of_secret_key": "0116eb35f3138aa7371a058661a92a4bde258f823747b70ad40767c27d7bc7f4", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "83f17a1e23402e14a58a32343e1083434eb10b90a8080d01ba112b83ba15f7f4", - "shared_secret": "703958ce09d7d6a5bb09e88de8df95c8ee2598544d50193be50534947530fa37" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "dd8aa653122eb5e3a4c3c877e95e8ecfcfef1ac9e0e6af92cce8ee89d09188fa", - "sha3_256_hash_of_secret_key": "8a5fbb715cf44c86b736227e56b53d91ebbea432fb1f1d6d7cafe42da8457b2c", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "862f660f11fb4252070e948ea2c141202246d5117ec151e6d5fcd0783bd76bb9", - "shared_secret": "c86d221cbc5ff6a994d9111acbfff23f7dc0cd934412b17d89f0f27e3cbd1a15" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "b7c80e434104e9838cb08529592a5f81b0e8ead186663db8facc569b09e75c9a", - "sha3_256_hash_of_secret_key": "c5f84c36f3b8af4b4d90a040d929b116b402840f487d437f9b330f6ff3ec36fc", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "a372aefe804077da915a423dad55b76ff08a58d222aa66305599ff301128ae13", - "shared_secret": "c0146ba47b3d4178919879721f69ac896d6911d6e86de1e8f05797d467053222" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "e619285c692532735f1582d227b9a9e77b1eae4aab9eaa79f6ce7ac2fcac8318", - "sha3_256_hash_of_secret_key": "2d4ae4f98c61bd104fbc1ef512b946202f95ecaa0ad7353a686141be5fe18116", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "462b78ef50b2c1ce761fa7750ab5ed2a7315e474a92ddae74bd23013b0d9ad0a", - "shared_secret": "a33f72941e0947735925e5be668b3481e0cece75ef48ae6db0d66f0fb2ec428e" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "dd3761c0e96678a959f30997e96d6a59858528c5e10234398e2da2e50ffcc517", - "sha3_256_hash_of_secret_key": "c6f5f9285f93d2ee6d180353799df5fea713870ca06de901e9c12e8a01ead6b6", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "2e552ce25fe0771bfa135939d85bd68ed07959709da470df50be36aa8ab2890d", - "shared_secret": "3d77b9b4ade74443fc573c393b82c0cfd2bc2769327f273c14e66eab9f8d9ebc" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "6d9e513a7cd137583507ad7256844bcb9775ca82ef5f411331a7c37ce451181f", - "sha3_256_hash_of_secret_key": "1dd2623a7413ff14549690b642fe90ce16ebe7acea38be795a4936b8d86b93aa", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "b4c64b73ba056f9ee7c3587ba0825bcc7172a6da749cdd86c1ef60cf84515883", - "shared_secret": "812d6c4becfdd4a95f234e8fcae1d9b316266d1c519545bbb7fab8a19f3519e0" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "b252e5abf757e116a92518eb72df9f9ce66b07edf4d31be225585a6a827a35b8", - "sha3_256_hash_of_secret_key": "45ac74f2a699f1e3559e2d1442638290029688cec3da96c58ea697e1ed1d4178", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "4dae8b2d08afb311ef727118966c6c17652f1464e6cdd26ac23551d31b013415", - "shared_secret": "c8757f45a1e334ad99a0d2adf12e79ef2bcb96ea1876bc29a4ec5cd660923d82" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "18c081231277f424c5f3f1f6b4db91958611fa28bcf09ccb2573da64547e1958", - "sha3_256_hash_of_secret_key": "f32167b39e19dbc0db58a5eb79e735337ffe154c75b0f2c091e009d0cec366d2", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "3a246e10c7c20d77a9e4bd6d3a90d73ae456501dc989210c798293d0b449852c", - "shared_secret": "be765dc236062da9d3fef68c645b9a8a5494c351d37790c1e7cd1089d97971b3" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "0ac7db13184d6ae6e21a14a63a2ab3d6d5d1ee7f4a6011413a0295b752fd2c28", - "sha3_256_hash_of_secret_key": "f69bacdf5992e64369aa4325b70af9f0e8a399cadafe48d854c288cc4eec627e", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "d4200c5ed5cb4e30e8e74a5c8c30eacd48014d326ae72f73618c5680f04999d8", - "shared_secret": "e72888e8dc5fe30f0a9c01e2e4599a7046147a81da280c393a48bee1b43bbb5b" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "27ea5a76294070ab10a6edc502d82be3d240672e5fa61377e73e5e19d11f64a3", - "sha3_256_hash_of_secret_key": "33161a2b269ff022ff4699b05ac7fac1374d733e46800447164d3e528ff89dc4", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "8995a8a9b59bd5adbe1fa10cc20da5348737cce9088be7eb0ba1f6215d68b9a9", - "shared_secret": "e3f13c77fa9eb329c218e1bd5823d6e07249fa1b455770ae57b2a00aa8c69c5d" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "9898462f05bea461adb40faacdfdde363c06f58bc756f0a8417df63a66d3a544", - "sha3_256_hash_of_secret_key": "e10192b72796b2da465303c0bbe16f1e23e08f9680ba92fc22d568ac84352113", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "573aa757ef6fa5110ba7b948c325718f87c6bc9ccd596debff4e6c7dac1fa8f5", - "shared_secret": "a8498502e012b5cd006e77fcbb9fab801dc3748a0da37587dcd41310fa945e09" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "a24e6203d9b1aa5cd06c44f048da7225e33952617f12b4289494b3969857c2ff", - "sha3_256_hash_of_secret_key": "61f1e3b3a9ce59d25480d88dac106cebc81272c0c9449c9b22048f67419d940a", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "7f92312ab16635c5e90a6d41ac65e594e37754359331b0814e09da9c7eb945e7", - "shared_secret": "780b2d0ea585a6ea41dcf43197b9ca4648454e30a3057f0d47f6e79a2bbc365e" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "cb2e9159ab5225a75d02268af2dac89a0afb33fe83a45f552e2bf542868c0683", - "sha3_256_hash_of_secret_key": "d2ce7cdfbe3ac715b2c87b1231fe46d5385a77caab367570a955bb562d23183c", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "1113b9a38ec4629ad20ecb594b64ba242a5a4db7bdf32914f9eb34ecc76c4a1c", - "shared_secret": "7832b351d71984cb60e6e548e5b4edeedf9749f8b3bc96fd208b6bb557251de8" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "7f8d36076b3a8aa13b633650726f7e907806a0573402ef3af129f611def1a813", - "sha3_256_hash_of_secret_key": "0b38e04daf35259696487ffaad947f481756bc3e94dd1a73b81bf8a6da4a43c3", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "eefa4d255cbd39fb5686d14a6a574d4c75c6b138a45a09cec12287c281cc00e8", - "shared_secret": "468ee020867cb766cd0a9ce1bfe9e7dbb56ae66c131a4540f211837c1779e11f" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "ff2044ee6a3bfd4f7033dc4bbd6283b534cd3fbbf1c4af072fea1ba37d3262d5", - "sha3_256_hash_of_secret_key": "ed62dbd78c007d385c786f2607715a69a44804c4e88111861d175875bc0b09ee", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "d16b23897beae9fb1a6ca746d3c15ef52c8ac454cd518d5a90a561cb588a0260", - "shared_secret": "f04a17a3737285f2257a6374a0057776ea24bd731724851d12ac2e06e959fa26" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "c7ca6ebbe17f30f8ce49e15c40c1ea5456f43624148eaecc9f3018f7beb96bdf", - "sha3_256_hash_of_secret_key": "7886dadfd208ab926afd2376dc11a004d8b793d7a30623df27109f9a4d4b0916", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "4fdbbb522c23abd8a69c583c2c68ddc28fa4da85a6bf208a22d19e7ef40d98b3", - "shared_secret": "fcfab6cb3daf0c64b4ce007499f097f6421e00905fd4daca7da7a29b9c8f6325" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "61fb6cfc0f388e34fb28ed783c2733453005eea03d3fee4b01bb6364abc01c30", - "sha3_256_hash_of_secret_key": "b724f25cf64bdaab1cd29c9cd1f8ee6cf4104c26fa3caf53b77d61cb5c35222e", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "5ce7558ab39d932fd35fc346aaea5aff4bc90e65c17b5760996e84687dcb5402", - "shared_secret": "dbf4cd1f5cddf15322449ddfe147ae0605d0315ff9da6421069b47c3a67a65c4" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "9333445958cf50f9cfba453f058f562158bc253e535e4e2f07715531a1c6289e", - "sha3_256_hash_of_secret_key": "9bb80f6928e0d09847b4c7e77ba6bf2cd0f75bdd147e884b92d3c3f2e9d839d6", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "57651b24ece777c321c6e59ba774951e2a3c4720d370e3af928238ff60c9565d", - "shared_secret": "3f4848a2de1cdd8a0403da22f609809a20c2cfc0ae619be0cac350897fead710" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "ee6cb12a54341aeedc99f1040b01603c35f07c5487ffac7b4fc1925f49026916", - "sha3_256_hash_of_secret_key": "4e498a0606b1f9cd72b9d2493428730712bdaa4a7fed8099b15d9e2873bbdf7e", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "1fb55bc4e6d95931087b23945ce9448207fbbc14bd284f6bcda65fcf31d68fdc", - "shared_secret": "eed5b71764da1763a01184a1eb51dedb4eaa9dae7890b1c7dbc7e7132c30e737" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "42ad42d6d3b13c72b16287909bc4c0da04900536a1e48a1a28db4f5ee2d2e771", - "sha3_256_hash_of_secret_key": "d6f909b6679487a8718c843c4b894785ee046c4d86ad2794c22ee912113dad1f", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "54043d4b2be7ecb264847dd0bcde9076523e798aeee942be82d61d51ef0253c1", - "shared_secret": "4218fc9abb402e67ac946c7a7c6f9029108f67de469e1a9987d570f011b685c3" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "5b70c5bb1b7af3b643588aa7c20567d4259dbe6abd7617a61b48185de8f21e1c", - "sha3_256_hash_of_secret_key": "f03297b8577b131e39946a288f7ca9070e70c1e00e6ff126543556f60dbafead", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "c3d51c14b28feb48ee67945a2f9e2ababb8682a839ca1148ddc99f909e8c0bc1", - "shared_secret": "95a33968866dadc1fd8748768a99f6bb444e3d76a65ec5fee0c8a833978d4585" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "01782fce09e644e310c9286f1e381be9ea8c54a1804e61f2958c1f975aec185a", - "sha3_256_hash_of_secret_key": "3d1b220e747de4ca99a9882a00860ed00abcf2e6eea60cba5194977f97c87770", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "8dbc778809c9cb1de5301be5bce766f1acd7d8f74ecf30619c398250def57d74", - "shared_secret": "c9423277519ab439fca3f5fab4c29c8123a55eaf37d94d70e27afffeec1b3b9b" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_kats/nistkats_768.json b/kyber-crate-tests/kyber_kats/nistkats_768.json deleted file mode 100644 index 7b668915c..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_768.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_nistkats.rs b/kyber-crate-tests/kyber_nistkats.rs deleted file mode 100644 index 5f7ef9005..000000000 --- a/kyber-crate-tests/kyber_nistkats.rs +++ /dev/null @@ -1,78 +0,0 @@ -use serde::Deserialize; -use serde_json; - -use std::path::Path; -use std::{fs::File, io::BufReader}; - -use libcrux::digest; - -use libcrux_kyber::kyber768::*; - -#[derive(Deserialize)] -struct KyberNISTKAT { - #[serde(with = "hex::serde")] - key_generation_seed: [u8; 64], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_public_key: [u8; 32], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_secret_key: [u8; 32], - - #[serde(with = "hex::serde")] - encapsulation_seed: [u8; 32], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_ciphertext: [u8; 32], - - #[serde(with = "hex::serde")] - shared_secret: [u8; 32], -} - -macro_rules! impl_nist_known_answer_tests { - ($name:ident, $parameter_set: literal, $key_gen_derand:expr, $encapsulate_derand:expr, $decapsulate_derand: expr) => { - #[test] - fn $name() { - let katfile_path = Path::new("tests") - .join("kyber_kats") - .join(format!("nistkats_{}.json", $parameter_set)); - let katfile = File::open(katfile_path).expect("Could not open KAT file."); - let reader = BufReader::new(katfile); - - let nist_kats: Vec = - serde_json::from_reader(reader).expect("Could not deserialize KAT file."); - - for kat in nist_kats { - eprintln!("seed: {}", hex::encode(kat.key_generation_seed)); - let key_pair = $key_gen_derand(kat.key_generation_seed); - - eprintln!("pk: {}", hex::encode(key_pair.pk())); - eprintln!("sk: {}", hex::encode(key_pair.sk())); - let public_key_hash = digest::sha3_256(key_pair.pk()); - let secret_key_hash = digest::sha3_256(key_pair.sk()); - - assert_eq!(public_key_hash, kat.sha3_256_hash_of_public_key, "public keys don't match"); - assert_eq!(secret_key_hash, kat.sha3_256_hash_of_secret_key, "secret keys don't match"); - - let (ciphertext, shared_secret) = - $encapsulate_derand(key_pair.public_key(), kat.encapsulation_seed); - let ciphertext_hash = digest::sha3_256(ciphertext.as_ref()); - - assert_eq!(ciphertext_hash, kat.sha3_256_hash_of_ciphertext, "ciphertexts don't match"); - assert_eq!(shared_secret.as_ref(), kat.shared_secret, "shared secret produced by encapsulate does not match"); - - let shared_secret_from_decapsulate = - $decapsulate_derand(key_pair.private_key(), &ciphertext); - assert_eq!(shared_secret_from_decapsulate, shared_secret.as_ref(), "shared secret produced by decapsulate doesn't match the one produced by encapsulate"); - } - } - }; -} - -impl_nist_known_answer_tests!( - kyber768_nist_known_answer_tests, - 768, - generate_key_pair, - encapsulate, - decapsulate -); diff --git a/kyber-crate.sh b/kyber-crate.sh deleted file mode 100755 index 289058737..000000000 --- a/kyber-crate.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -set -e - -rm -rf kyber-crate -mkdir -p kyber-crate/src -cp -r src/kem/kyber* kyber-crate/src -cd kyber-crate -mv src/kyber.rs src/lib.rs -mv src/kyber/* src - -SED=$(which gsed &>/dev/null && echo gsed || echo sed) - -cat >Cargo.toml <src/hax_utils.rs < {}; -} - -pub(crate) use hax_debug_assert; -EOF - -$SED -i '1ipub(crate) mod hax_utils;' src/lib.rs - -mkdir -p tests -cp -r ../kyber-crate-tests/* tests/ -rm src/kyber512.rs -rm src/kyber1024.rs - -# Build & test -cargo test - -# Extract -if [[ -z "$CHARON_HOME" ]]; then - echo "Please set CHARON_HOME to the Charon directory" 1>&2 - exit 1 -fi -if [[ -z "$EURYDICE_HOME" ]]; then - echo "Please set EURYDICE_HOME to the Eurydice directory" 1>&2 - exit 1 -fi - -echo "Running charon ..." -$CHARON_HOME/bin/charon --errors-as-warnings -mkdir -p c -cd c - -echo "Running eurydice ..." -$EURYDICE_HOME/eurydice --config ../../kyber-c.yaml ../libcrux_kyber.llbc -cp $EURYDICE_HOME/include/eurydice_glue.h . - -if [[ -n "$HACL_PACKAGES_HOME" ]]; then - clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h - cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ - cp *.h $HACL_PACKAGES_HOME/libcrux/include - cp *.c $HACL_PACKAGES_HOME/libcrux/src -else - echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -fi diff --git a/libcrux-simd/Cargo.toml b/libcrux-simd/Cargo.toml deleted file mode 100644 index 42d4846bf..000000000 --- a/libcrux-simd/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "libcrux-simd" -version.workspace = true -authors.workspace = true -license.workspace = true -homepage.workspace = true -edition.workspace = true -repository.workspace = true -readme.workspace = true - -[dependencies] -libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } - -[features] -simd128 = [] -simd256 = [] diff --git a/libcrux-simd/src/aarch64.rs b/libcrux-simd/src/aarch64.rs deleted file mode 100644 index 325dc3014..000000000 --- a/libcrux-simd/src/aarch64.rs +++ /dev/null @@ -1,130 +0,0 @@ -use core::arch::aarch64::*; - -/// A 128-bit integer type for SIMD instructions. -pub type Vec128 = uint32x4_t; - -/// We can't compute on a const `N`. So this is a little ugly. -/// Ensure that the `N` you provide is handled here. -/// -/// 16 is handled differently because it's more efficient this way. -#[inline(always)] -pub fn rotate_left128_u32(a: Vec128, n: u32) -> Vec128 { - assert!(n >= 1 && n <= 32); - match n { - 7 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 7), a, 32 - 7) }, - 8 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 8), a, 32 - 8) }, - 12 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 12), a, 32 - 12) }, - 16 => unsafe { vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(a))) }, - _ => unimplemented!(), - } -} - -#[inline(always)] -pub fn rotate_left128_u32_16(a: Vec128) -> Vec128 { - unsafe { vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(a))) } -} - -#[inline(always)] -pub fn rotate_left128_u32_12(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 12), a, 32 - 12) } -} - -#[inline(always)] -pub fn rotate_left128_u32_8(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 8), a, 32 - 8) } -} - -#[inline(always)] -pub fn rotate_left128_u32_7(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 7), a, 32 - 7) } -} - -#[inline(always)] -pub fn add32(a: Vec128, b: Vec128) -> Vec128 { - unsafe { vaddq_u32(a, b) } -} - -#[inline(always)] -pub fn xor32(a: Vec128, b: Vec128) -> Vec128 { - unsafe { veorq_u32(a, b) } -} - -#[inline(always)] -pub fn load32(x: u32) -> Vec128 { - unsafe { vdupq_n_u32(x) } -} - -#[inline(always)] -// 16 u8, interpreted as 4 u32 -pub fn load8_32_le(value: &[u8]) -> Vec128 { - unsafe { vld1q_u32(value.as_ptr() as *const u32) } -} - -/// Load a `u8` slice into 4 `u32`. -/// -/// The slice must be `value.len() <= 4 * 4`. -/// When the slice is shorter, it is padded with `0`s. -#[inline(always)] -pub fn u32_from_le_bytes(value: &[u8]) -> Vec128 { - let mut padded = [0u8; 16]; - padded[0..value.len()].copy_from_slice(value); - load8_32_le(&padded) -} - -#[inline(always)] -// 4 u32, interpreted as 4 u32 -pub fn load32_le(values: [u32; 4]) -> Vec128 { - unsafe { vld1q_u32(values.as_ptr() as *const u32) } -} - -#[inline(always)] -// store vec128 into u8 slice -pub fn store8_32_le(value: Vec128, out: &mut [u8; 16]) { - unsafe { vst1q_u32(out.as_mut_ptr() as *mut u32, value) } -} - -/// Store 4 `u32` into little endian bytes. -/// -/// When the output has less than 16 bytes left to write in, only the available -/// number of bytes are written. -#[inline(always)] -pub fn u32_to_le_bytes(out: &mut [u8], value: Vec128) { - let mut padded = [0u8; 16]; - store8_32_le_ip(&mut padded, value); - out.copy_from_slice(&padded[0..out.len()]); -} - -#[inline(always)] -pub fn store8_32_le_ip(out: &mut [u8], value: Vec128) { - unsafe { vst1q_u32(out.as_mut_ptr() as *mut u32, value) } -} - -#[inline(always)] -pub fn interleave_low64(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { - vreinterpretq_u32_u64(vzip1q_u64( - vreinterpretq_u64_u32(x1), - vreinterpretq_u64_u32(x2), - )) - } -} - -#[inline(always)] -pub fn interleave_high64(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { - vreinterpretq_u32_u64(vzip2q_u64( - vreinterpretq_u64_u32(x1), - vreinterpretq_u64_u32(x2), - )) - } -} - -#[inline(always)] -pub fn interleave_low32(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { vzip1q_u32(x1, x2) } -} - -#[inline(always)] -pub fn interleave_high32(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { vzip2q_u32(x1, x2) } -} diff --git a/libcrux-simd/src/lib.rs b/libcrux-simd/src/lib.rs deleted file mode 100644 index 6e98921d3..000000000 --- a/libcrux-simd/src/lib.rs +++ /dev/null @@ -1,12 +0,0 @@ -//! # Hardware abstraction -//! -//! This crate implements hardware abstraction for 128-bit and 256-bit SIMD on -//! x64 and aarch64. - -#![no_std] - -/// When we build for aarch64 and the simd128 config is enabled. -#[cfg(all(target_arch = "aarch64", feature = "simd128"))] -pub use aarch64; - -pub mod scalar; diff --git a/libcrux-simd/src/scalar.rs b/libcrux-simd/src/scalar.rs deleted file mode 100644 index 1903d1548..000000000 --- a/libcrux-simd/src/scalar.rs +++ /dev/null @@ -1,61 +0,0 @@ -#[inline(always)] -pub fn rotate_left128_u32(a: u32, n: u32) -> u32 { - a.rotate_left(n) -} - -#[inline(always)] -pub fn add32(a: u32, b: u32) -> u32 { - a.wrapping_add(b) -} - -#[inline(always)] -pub fn xor32(a: u32, b: u32) -> u32 { - a ^ b -} - -#[inline(always)] -pub fn load32(x: u32) -> u32 { - x -} - -#[inline(always)] -/// No-op -pub fn load32_le(values: [u32; 1]) -> u32 { - values[0] -} - -/// Load a `u8` slice into a `u32`. -/// -/// The slice must be `value.len() <= 4`. -/// When the slice is shorter, it is padded with `0`s. -#[inline(always)] -pub fn u32_from_le_bytes(value: &[u8]) -> u32 { - let mut padded = [0u8; 4]; - padded[0..value.len()].copy_from_slice(value); - load8_32_le(&padded) -} - -/// u32 from u8s le -#[inline(always)] -pub fn load8_32_le(value: &[u8]) -> u32 { - u32::from_le_bytes(value.try_into().unwrap()) -} - -/// Store a `u32` into little endian bytes. -/// -/// When the output has less than 4 bytes left to write in, only the available -/// number of bytes are written. -#[inline(always)] -pub fn u32_to_le_bytes(out: &mut [u8], value: u32) { - let mut padded = [0u8; 4]; - store8_32_le_ip(&mut padded, value); - out.copy_from_slice(&padded[0..out.len()]); -} - -#[inline(always)] -pub fn store8_32_le_ip(out: &mut [u8], value: u32) { - let tmp = value.to_le_bytes(); - for j in 0..4 { - out[j] = tmp[j]; - } -} diff --git a/polynomials-aarch64/src/neon.rs b/polynomials-aarch64/src/neon.rs deleted file mode 100644 index 88157fdf3..000000000 --- a/polynomials-aarch64/src/neon.rs +++ /dev/null @@ -1,282 +0,0 @@ -#![allow(non_camel_case_types)] -pub(crate) use core::arch::aarch64::*; - -#[inline(always)] -pub(crate) fn _vdupq_n_s16(i: i16) -> int16x8_t { - unsafe { vdupq_n_s16(i) } -} - -#[inline(always)] -pub(crate) fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { - unsafe { vst1q_s16(out.as_mut_ptr(), v) } -} - -#[inline(always)] -pub(crate) fn _vld1q_s16(array: &[i16]) -> int16x8_t { - unsafe { vld1q_s16(array.as_ptr()) } -} - -#[inline(always)] -pub(crate) fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { - unsafe { vaddq_s16(lhs, rhs) } -} - -#[inline(always)] -pub(crate) fn _vsubq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { - unsafe { vsubq_s16(lhs, rhs) } -} - -#[inline(always)] -pub(crate) fn _vmulq_n_s16(v: int16x8_t, c: i16) -> int16x8_t { - unsafe { vmulq_n_s16(v, c) } -} - -#[inline(always)] -pub(crate) fn _vmulq_n_u16(v: uint16x8_t, c: u16) -> uint16x8_t { - unsafe { vmulq_n_u16(v, c) } -} - -#[inline(always)] -pub(crate) fn _vshrq_n_s16(v: int16x8_t) -> int16x8_t { - unsafe { vshrq_n_s16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshrq_n_u16(v: uint16x8_t) -> uint16x8_t { - unsafe { vshrq_n_u16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { - unsafe { vshlq_n_s16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshlq_n_u32(v: uint32x4_t) -> uint32x4_t { - unsafe { vshlq_n_u32::(v) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_n_s16(k: int16x8_t, b: i16) -> int16x8_t { - unsafe { vqdmulhq_n_s16(k, b) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { - unsafe { vqdmulhq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uint16x8_t { - unsafe { vcgeq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vandq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u16(m0: uint16x8_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u16(m0) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uint16x8_t { - unsafe { vreinterpretq_u16_s16(m0) } -} -#[inline(always)] -pub(crate) fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { - unsafe { vmulq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { - unsafe { veorq_s16(mask, shifted) } -} -#[inline(always)] -pub(crate) fn _vdupq_n_u32(value: u32) -> uint32x4_t { - unsafe { vdupq_n_u32(value) } -} -#[inline(always)] -pub(crate) fn _vaddq_u32(compressed: uint32x4_t, half: uint32x4_t) -> uint32x4_t { - unsafe { vaddq_u32(compressed, half) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s32_u32(compressed: uint32x4_t) -> int32x4_t { - unsafe { vreinterpretq_s32_u32(compressed) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_n_s32(a: int32x4_t, b: i32) -> int32x4_t { - unsafe { vqdmulhq_n_s32(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_u32_s32(a: int32x4_t) -> uint32x4_t { - unsafe { vreinterpretq_u32_s32(a) } -} - -#[inline(always)] -pub(super) fn _vshrq_n_u32(a: uint32x4_t) -> uint32x4_t { - unsafe { vshrq_n_u32::(a) } -} -#[inline(always)] -pub(crate) fn _vandq_u32(a: uint32x4_t, b: uint32x4_t) -> uint32x4_t { - unsafe { vandq_u32(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u32_s16(a: int16x8_t) -> uint32x4_t { - unsafe { vreinterpretq_u32_s16(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u32(a: uint32x4_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u32(a) } -} -#[inline(always)] -pub(crate) fn _vtrn1q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vtrn1q_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vtrn2q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vtrn2q_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vmulq_n_u32(a: uint32x4_t, b: u32) -> uint32x4_t { - unsafe { vmulq_n_u32(a, b) } -} - -#[inline(always)] -pub(super) fn _vtrn1q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vtrn1q_s32(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_s32(a: int32x4_t) -> int16x8_t { - unsafe { vreinterpretq_s16_s32(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s32_s16(a: int16x8_t) -> int32x4_t { - unsafe { vreinterpretq_s32_s16(a) } -} - -#[inline(always)] -pub(super) fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vtrn2q_s32(a, b) } -} -#[inline(always)] -pub(crate) fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vtrn1q_s64(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { - unsafe { vreinterpretq_s16_s64(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { - unsafe { vreinterpretq_s64_s16(a) } -} -#[inline(always)] -pub(crate) fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vtrn2q_s64(a, b) } -} -#[inline(always)] -pub(crate) fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { - unsafe { vmull_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vget_low_s16(a: int16x8_t) -> int16x4_t { - unsafe { vget_low_s16(a) } -} -#[inline(always)] -pub(crate) fn _vmull_high_s16(a: int16x8_t, b: int16x8_t) -> int32x4_t { - unsafe { vmull_high_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vmlal_s16(a: int32x4_t, b: int16x4_t, c: int16x4_t) -> int32x4_t { - unsafe { vmlal_s16(a, b, c) } -} -#[inline(always)] -pub(crate) fn _vmlal_high_s16(a: int32x4_t, b: int16x8_t, c: int16x8_t) -> int32x4_t { - unsafe { vmlal_high_s16(a, b, c) } -} -#[inline(always)] -pub(crate) fn _vld1q_u8(ptr: &[u8]) -> uint8x16_t { - unsafe { vld1q_u8(ptr.as_ptr()) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { - unsafe { vreinterpretq_u8_s16(a) } -} -#[inline(always)] -pub(crate) fn _vqtbl1q_u8(t: uint8x16_t, idx: uint8x16_t) -> uint8x16_t { - unsafe { vqtbl1q_u8(t, idx) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u8(a: uint8x16_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u8(a) } -} -#[inline(always)] -pub(crate) fn _vshlq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vshlq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vshlq_u16(a: uint16x8_t, b: int16x8_t) -> uint16x8_t { - unsafe { vshlq_u16(a, b) } -} -#[inline(always)] -pub(crate) fn _vaddv_u16(a: uint16x4_t) -> u16 { - unsafe { vaddv_u16(a) } -} -#[inline(always)] -pub(crate) fn _vget_low_u16(a: uint16x8_t) -> uint16x4_t { - unsafe { vget_low_u16(a) } -} -#[inline(always)] -pub(crate) fn _vget_high_u16(a: uint16x8_t) -> uint16x4_t { - unsafe { vget_high_u16(a) } -} -#[inline(always)] -pub(crate) fn _vaddvq_s16(a: int16x8_t) -> i16 { - unsafe { vaddvq_s16(a) } -} - -#[inline(always)] -pub(super) fn _vsliq_n_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vsliq_n_s32::(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_s64_s32(a: int32x4_t) -> int64x2_t { - unsafe { vreinterpretq_s64_s32(a) } -} - -#[inline(always)] -pub(super) fn _vsliq_n_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vsliq_n_s64::(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { - unsafe { vreinterpretq_u8_s64(a) } -} - -#[inline(always)] -pub(super) fn _vst1q_u8(out: &mut [u8], v: uint8x16_t) { - unsafe { vst1q_u8(out.as_mut_ptr(), v) } -} -#[inline(always)] -pub(crate) fn _vdupq_n_u16(value: u16) -> uint16x8_t { - unsafe { vdupq_n_u16(value) } -} -#[inline(always)] -pub(crate) fn _vandq_u16(a: uint16x8_t, b: uint16x8_t) -> uint16x8_t { - unsafe { vandq_u16(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uint16x8_t { - unsafe { vreinterpretq_u16_u8(a) } -} -#[inline(always)] -pub(crate) fn _vld1q_u16(ptr: &[u16]) -> uint16x8_t { - unsafe { vld1q_u16(ptr.as_ptr()) } -} -#[inline(always)] -pub(crate) fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uint16x8_t { - unsafe { vcleq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vaddvq_u16(a: uint16x8_t) -> u16 { - unsafe { vaddvq_u16(a) } -} diff --git a/polynomials-aarch64/src/rejsample.rs b/polynomials-aarch64/src/rejsample.rs deleted file mode 100644 index 64e64a0dc..000000000 --- a/polynomials-aarch64/src/rejsample.rs +++ /dev/null @@ -1,797 +0,0 @@ -#![forbid(unsafe_code)] - -use crate::neon::*; - -/// This table is taken from PQClean. It is used in rej_sample -// It implements the following logic: -// let mut index : [u8;16] = [0u8; 16]; -// let mut idx = 0; -// for i in 0..8 { -// if used > 0 { -// let next = used.trailing_zeros(); -// idx = idx + next; -// index[i*2] = (idx*2) as u8; -// index[i*2+1] = (idx*2 + 1) as u8; -// idx = idx + 1; -// used = used >> (next+1); -// } -// } -// let index_vec = unsafe { vld1q_u8(index.as_ptr() as *const u8) }; -// End of index table lookup calculation - -const IDX_TABLE: [[u8; 16]; 256] = [ - [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, - ], // 0 - [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 1 - [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 2 - [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 3 - [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 4 - [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 5 - [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 6 - [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 7 - [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 8 - [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 9 - [ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 10 - [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 11 - [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 12 - [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 13 - [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 14 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 15 - [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 16 - [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 17 - [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 18 - [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 19 - [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 20 - [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 21 - [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 22 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 23 - [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 24 - [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 25 - [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 26 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 27 - [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 28 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 29 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 30 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 31 - [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 32 - [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 33 - [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 34 - [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 35 - [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 36 - [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 37 - [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 38 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 39 - [ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 40 - [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 41 - [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 42 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 43 - [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 44 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 45 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 46 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 47 - [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 48 - [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 49 - [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 50 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 51 - [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 52 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 53 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 54 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 55 - [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 56 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 57 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 58 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 59 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 60 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 61 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 62 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], // 63 - [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 64 - [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 65 - [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 66 - [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 67 - [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 68 - [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 69 - [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 70 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 71 - [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 72 - [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 73 - [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 74 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 75 - [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 76 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 77 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 78 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 79 - [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 80 - [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 81 - [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 82 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 83 - [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 84 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 85 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 86 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 87 - [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 88 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 89 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 90 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 91 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 92 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 93 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 94 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], // 95 - [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 96 - [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 97 - [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 98 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 99 - [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 100 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 101 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 102 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 103 - [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 104 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 105 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 106 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 107 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 108 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 109 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 110 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 111 - [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 112 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 113 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 114 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 115 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 116 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 117 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 118 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 119 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 120 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 121 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 122 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 123 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 124 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 125 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 126 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], // 127 - [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 128 - [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 129 - [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 130 - [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 131 - [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 132 - [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 133 - [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 134 - [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 135 - [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 136 - [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 137 - [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 138 - [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 139 - [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 140 - [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 141 - [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 142 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 143 - [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 144 - [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 145 - [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 146 - [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 147 - [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 148 - [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 149 - [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 150 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 151 - [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 152 - [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 153 - [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 154 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 155 - [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 156 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 157 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 158 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], // 159 - [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 160 - [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 161 - [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 162 - [ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 163 - [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 164 - [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 165 - [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 166 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 167 - [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 168 - [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 169 - [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 170 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 171 - [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 172 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 173 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 174 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 175 - [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 176 - [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 177 - [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 178 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 179 - [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 180 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 181 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 182 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 183 - [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 184 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 185 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 186 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 187 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 188 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 189 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 190 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], // 191 - [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 192 - [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 193 - [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 194 - [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 195 - [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 196 - [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 197 - [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 198 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 199 - [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 200 - [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 201 - [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 202 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 203 - [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 204 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 205 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 206 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 207 - [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 208 - [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 209 - [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 210 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 211 - [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 212 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 213 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 214 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 215 - [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 216 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 217 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 218 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 219 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 220 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 221 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 222 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], // 223 - [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 224 - [ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 225 - [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 226 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 227 - [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 228 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 229 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 230 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 231 - [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 232 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 233 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 234 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 235 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 236 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 237 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 238 - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 239 - [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 240 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 241 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 242 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 243 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 244 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 245 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 246 - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 247 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 248 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 249 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 250 - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 251 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 252 - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 253 - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 254 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], // 255 -]; - -#[inline(always)] -pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { - let neon_bits: [u16; 8] = [0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80]; - let bits = _vld1q_u16(&neon_bits); - let fm = _vdupq_n_s16(3328); - - let input = super::simd128ops::deserialize_12(a); - let mask0 = _vcleq_s16(input.low, fm); - let mask1 = _vcleq_s16(input.high, fm); - let masked = _vandq_u16(mask0, bits); - let used0 = _vaddvq_u16(masked); - let masked = _vandq_u16(mask1, bits); - let used1 = _vaddvq_u16(masked); - let pick0 = used0.count_ones(); - let pick1 = used1.count_ones(); - - // XXX: the indices used0 and used1 must be < 256. - let index_vec0 = _vld1q_u8(&IDX_TABLE[(used0 as u8) as usize]); - let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); - let index_vec1 = _vld1q_u8(&IDX_TABLE[(used1 as u8) as usize]); - let shifted1 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); - - let idx0 = usize::try_from(pick0).unwrap(); - _vst1q_s16(&mut out[0..8], shifted0); - _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); - (pick0 + pick1) as usize -} diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst deleted file mode 100644 index cd19825be..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst +++ /dev/null @@ -1,159 +0,0 @@ -module Libcrux_polynomials_avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_BARRETT_MULTIPLIER: i16 = 20159s - -let add (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let bitwise_and_with_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let multiply_by_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let shift_left (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi16 v_SHIFT_BY vector - -let shift_right (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 v_SHIFT_BY vector - -/// See Section 3.2 of the implementation notes document for an explanation -/// of this code. -let barrett_reduce (vector: u8) : u8 = - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: u8) - in - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 t - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 512s <: u8) - in - let quotient:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 10l t in - let quotient_times_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 quotient - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector quotient_times_field_modulus - -let cond_subtract_3329_ (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let vv_minus_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector field_modulus - in - let sign_mask:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 15l vv_minus_field_modulus - in - let conditional_add_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 sign_mask field_modulus - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 vv_minus_field_modulus - conditional_add_field_modulus - -let montgomery_multiply_by_constant (vector: u8) (constant: i16) : u8 = - let constant:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant in - let value_low:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector constant - in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector constant - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_multiply_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_reduce_i32s (v: u8) : u8 = - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i32) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srli_epi32 16l v in - let result:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - in - let result:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l result in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi32 16l result - -let sub (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 lhs rhs - -let montgomery_multiply_m128i_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 value_high k_times_modulus diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst deleted file mode 100644 index 252e284a9..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst +++ /dev/null @@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - in - let two_pow_coefficient_bits:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (1l <=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi128_si256 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi256_si128 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cmpgt_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cvtepi16_epi32 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_loadu_si256 (input: t_Slice i16) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_madd_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mul_epu32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_packs_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permutevar8x32_epi32 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi32 (constant: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi16 - (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: - i16) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_setzero_si256 (_: Prims.unit) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_sllv_epi32 (vector counts: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 64l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 64" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_storeu_si256 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm256_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi64 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpacklo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_xor_si256 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_add_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_loadu_si128 (input: t_Slice u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_movemask_epi8 (vector: u8) : i32 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mullo_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_packs_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set_epi8 - (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - u8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : t_Slice u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_storeu_si128 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 8 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst deleted file mode 100644 index 5b788b5ad..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst +++ /dev/null @@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let ntt_multiply__PERMUTE_WITH: i32 = 216l - -let inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) - 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 - 0s 0s zeta1 zeta1 0s 0s zeta0 zeta0 0s 0s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce sum in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 204l sum sum_times_zetas - -let inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s - 1s 1s (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s - 0s 0s zeta0 zeta0 zeta0 zeta0 0s 0s 0s 0s - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 240l sum sum_times_zetas - -let inv_ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 - <: - i16) (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) - (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 - <: - i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 - zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 238l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 68l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let shuffle_with:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y - 12y 9y 8y 5y 4y 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y - in - let lhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 lhs shuffle_with - in - let lhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_evens - in - let lhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l lhs_shuffled - in - let lhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_odds in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs shuffle_with - in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_evens - in - let rhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l rhs_shuffled - in - let rhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_odds in - let left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_evens rhs_evens - in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_odds rhs_odds - in - let right:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s right in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 right - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast ( - zeta3 <: i16) - <: - i32) - <: - i32) - (cast (zeta3 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) - (cast (zeta2 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) - (cast (zeta1 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) - (cast (zeta0 <: i16) <: i32) - <: - u8) - in - let products_left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi32 left right - in - let products_left:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_left in - let rhs_adjacent_swapped:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y - 5y 4y 7y 6y 1y 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y - <: - u8) - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 lhs rhs_adjacent_swapped - in - let products_right:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_right - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l products_right - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 170l products_left products_right diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst deleted file mode 100644 index 541e25541..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst +++ /dev/null @@ -1,429 +0,0 @@ -module Libcrux_polynomials_avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -unfold -let t_FieldElement = i16 - -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -let from_i16_array (array: t_Array i16 (sz 16)) : t_PortableVector = - { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) : t_Array u8 (sz 22) = - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 0) - (cast (v.f_elements.[ sz 0 ] <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 1) - (((cast ((v.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 2) - (((cast ((v.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 3) - (cast (((v.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 4) - (((cast ((v.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 5) - (((cast ((v.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 6) - (((cast ((v.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 7) - (cast (((v.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 8) - (((cast ((v.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 9) - (((cast ((v.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 10) - (cast ((v.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 11) - (cast (v.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 12) - (((cast ((v.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 13) - (((cast ((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 14) - (cast (((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 15) - (((cast ((v.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 16) - (((cast ((v.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 17) - (((cast ((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 18) - (cast (((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 19) - (((cast ((v.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 20) - (((cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - <: - u8) - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 21) - (cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l <: i16) <: u8) - in - result - -let to_i16_array (v: t_PortableVector) : t_Array i16 (sz 16) = v.f_elements - -let zero (_: Prims.unit) : t_PortableVector = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) : t_PortableVector = - let result:t_PortableVector = zero () in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 0) - ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 2) - (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 3) - ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 4) - ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 5) - (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 6) - ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 7) - (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 8) - ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 10) - (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 11) - ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 12) - ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 13) - (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 14) - ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - <: - i16) - } - <: - t_PortableVector - in - let result:t_PortableVector = - { - result with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements - (sz 15) - (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) - <: - i16) - } - <: - t_PortableVector - in - result diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst deleted file mode 100644 index 65ce23750..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst +++ /dev/null @@ -1,2111 +0,0 @@ -module Libcrux_polynomials_avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = - let list = - [ - (let list = - [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); - Rust_primitives.Hax.array_of_list 256 list - -let rejection_sample (input: t_Slice u8) (output: t_Slice i16) : (t_Slice i16 & usize) = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let potential_coefficients:u8 = Libcrux_polynomials_avx2.Serialize.deserialize_12_ input in - let compare_with_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cmpgt_epi16 field_modulus - potential_coefficients - in - let good:t_Array u8 (sz 2) = - Libcrux_polynomials_avx2.Serialize.serialize_1_ compare_with_field_modulus - in - let lower_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] <: u8) <: usize ] - in - let lower_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - - <: - t_Slice u8) - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 potential_coefficients - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 lower_coefficients lower_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - lower_coefficients - <: - t_Slice i16) - in - let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize - in - let upper_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] <: u8) <: usize ] - in - let upper_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - - <: - t_Slice u8) - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l potential_coefficients - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 upper_coefficients upper_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - upper_coefficients - <: - t_Slice i16) - in - let hax_temp_output:usize = - sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) - in - output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst deleted file mode 100644 index f951730a4..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst +++ /dev/null @@ -1,557 +0,0 @@ -module Libcrux_polynomials_avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_1_ (bytes: t_Slice u8) : u8 = - let coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) - <: - i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) - in - let shift_lsb_to_msb:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) - in - serialized - -let serialize_10_ (vector: u8) : t_Array u8 (sz 20) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let adjacent_2_combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s < true); - f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); - f_ZERO = (fun (_: Prims.unit) -> zero ()); - f_to_i16_array_pre = (fun (v: t_SIMD256Vector) -> true); - f_to_i16_array_post = (fun (v: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); - f_to_i16_array = (fun (v: t_SIMD256Vector) -> to_i16_array v); - f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); - f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); - f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); - f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_add_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_add - = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.add lhs.f_elements rhs.f_elements } - <: - t_SIMD256Vector); - f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_sub - = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } - <: - t_SIMD256Vector); - f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); - f_multiply_by_constant_post = (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> true); - f_multiply_by_constant - = - (fun (v: t_SIMD256Vector) (c: i16) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.multiply_by_constant v.f_elements c } - <: - t_SIMD256Vector); - f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); - f_bitwise_and_with_constant_post - = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); - f_bitwise_and_with_constant - = - (fun (vector: t_SIMD256Vector) (constant: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant - } - <: - t_SIMD256Vector); - f_shift_right_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); - f_shift_right_post - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_shift_right - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> - { - f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements - } - <: - t_SIMD256Vector); - f_shift_left_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); - f_shift_left_post - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_shift_left - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_left v_SHIFT_BY vector.f_elements } - <: - t_SIMD256Vector); - f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); - f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_cond_subtract_3329_ - = - (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } - <: - t_SIMD256Vector); - f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); - f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_barrett_reduce - = - (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce vector.f_elements } - <: - t_SIMD256Vector); - f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); - f_montgomery_multiply_by_constant_post - = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); - f_montgomery_multiply_by_constant - = - (fun (vector: t_SIMD256Vector) (constant: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements - constant - } - <: - t_SIMD256Vector); - f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_compress_1_ - = - (fun (vector: t_SIMD256Vector) -> - { - f_elements - = - Libcrux_polynomials_avx2.Compress.compress_message_coefficient vector.f_elements - } - <: - t_SIMD256Vector); - f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); - f_compress_post - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_compress - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - { - f_elements - = - Libcrux_polynomials_avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS - vector.f_elements - } - <: - t_SIMD256Vector); - f_decompress_ciphertext_coefficient_pre - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); - f_decompress_ciphertext_coefficient_post - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_decompress_ciphertext_coefficient - = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - { - f_elements - = - Libcrux_polynomials_avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS - vector.f_elements - } - <: - t_SIMD256Vector); - f_ntt_layer_1_step_pre - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); - f_ntt_layer_1_step_post - = - (fun - (vector: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_ntt_layer_1_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 - } - <: - t_SIMD256Vector); - f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); - f_ntt_layer_2_step_post - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); - f_ntt_layer_2_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } - <: - t_SIMD256Vector); - f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); - f_ntt_layer_3_step_post - = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); - f_ntt_layer_3_step - = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } - <: - t_SIMD256Vector); - f_inv_ntt_layer_1_step_pre - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); - f_inv_ntt_layer_1_step_post - = - (fun - (vector: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_inv_ntt_layer_1_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_1_step vector.f_elements - zeta0 - zeta1 - zeta2 - zeta3 - } - <: - t_SIMD256Vector); - f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); - f_inv_ntt_layer_2_step_post - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); - f_inv_ntt_layer_2_step - = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 - } - <: - t_SIMD256Vector); - f_inv_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); - f_inv_ntt_layer_3_step_post - = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); - f_inv_ntt_layer_3_step - = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } - <: - t_SIMD256Vector); - f_ntt_multiply_pre - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - -> - true); - f_ntt_multiply_post - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - (out: t_SIMD256Vector) - -> - true); - f_ntt_multiply - = - (fun - (lhs: t_SIMD256Vector) - (rhs: t_SIMD256Vector) - (zeta0: i16) - (zeta1: i16) - (zeta2: i16) - (zeta3: i16) - -> - { - f_elements - = - Libcrux_polynomials_avx2.Ntt.ntt_multiply lhs.f_elements - rhs.f_elements - zeta0 - zeta1 - zeta2 - zeta3 - } - <: - t_SIMD256Vector); - f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); - f_serialize_1_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_1_ vector.f_elements); - f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_1_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); - f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); - f_serialize_4_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_4_ vector.f_elements); - f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_4_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); - f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); - f_serialize_5_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_5_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); - f_serialize_10_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_10_ vector.f_elements); - f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_10_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector - ); - f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); - f_serialize_11_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_11_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector - ); - f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); - f_serialize_12_ - = - (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_12_ vector.f_elements); - f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); - f_deserialize_12_ - = - (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector - ); - f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); - f_rej_sample_post - = - (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); - f_rej_sample - = - fun (input: t_Slice u8) (output: t_Slice i16) -> - let tmp0, out:(t_Slice i16 & usize) = - Libcrux_polynomials_avx2.Sampling.rejection_sample input output - in - let output:t_Slice i16 = tmp0 in - let hax_temp_output:usize = out in - output, hax_temp_output <: (t_Slice i16 & usize) - } diff --git a/polynomials-avx2/src/sampling.rs b/polynomials-avx2/src/sampling.rs deleted file mode 100644 index b4de11b48..000000000 --- a/polynomials-avx2/src/sampling.rs +++ /dev/null @@ -1,814 +0,0 @@ -use crate::{ - serialize::{deserialize_12, serialize_1}, - *, -}; - -use libcrux_traits::FIELD_MODULUS; - -const REJECTION_SAMPLE_SHUFFLE_TABLE: [[u8; 16]; 256] = [ - [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, - ], // 0 - [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 1 - [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 2 - [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 3 - [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 4 - [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 5 - [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 6 - [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 7 - [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 8 - [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 9 - [ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 10 - [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 11 - [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 12 - [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 13 - [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 14 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 15 - [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 16 - [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 17 - [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 18 - [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 19 - [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 20 - [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 21 - [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 22 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 23 - [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 24 - [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 25 - [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 26 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 27 - [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 28 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 29 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 30 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 31 - [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 32 - [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 33 - [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 34 - [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 35 - [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 36 - [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 37 - [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 38 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 39 - [ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 40 - [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 41 - [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 42 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 43 - [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 44 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 45 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 46 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 47 - [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 48 - [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 49 - [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 50 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 51 - [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 52 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 53 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 54 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 55 - [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 56 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 57 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 58 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 59 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 60 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 61 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 62 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], // 63 - [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 64 - [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 65 - [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 66 - [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 67 - [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 68 - [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 69 - [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 70 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 71 - [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 72 - [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 73 - [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 74 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 75 - [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 76 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 77 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 78 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 79 - [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 80 - [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 81 - [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 82 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 83 - [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 84 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 85 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 86 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 87 - [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 88 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 89 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 90 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 91 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 92 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 93 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 94 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], // 95 - [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 96 - [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 97 - [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 98 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 99 - [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 100 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 101 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 102 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 103 - [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 104 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 105 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 106 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 107 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 108 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 109 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 110 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 111 - [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 112 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 113 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 114 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 115 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 116 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 117 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 118 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 119 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 120 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 121 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 122 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 123 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 124 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 125 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 126 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], // 127 - [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 128 - [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 129 - [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 130 - [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 131 - [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 132 - [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 133 - [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 134 - [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 135 - [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 136 - [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 137 - [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 138 - [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 139 - [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 140 - [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 141 - [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 142 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 143 - [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 144 - [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 145 - [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 146 - [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 147 - [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 148 - [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 149 - [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 150 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 151 - [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 152 - [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 153 - [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 154 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 155 - [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 156 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 157 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 158 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], // 159 - [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 160 - [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 161 - [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 162 - [ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 163 - [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 164 - [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 165 - [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 166 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 167 - [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 168 - [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 169 - [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 170 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 171 - [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 172 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 173 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 174 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 175 - [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 176 - [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 177 - [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 178 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 179 - [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 180 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 181 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 182 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 183 - [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 184 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 185 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 186 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 187 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 188 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 189 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 190 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], // 191 - [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 192 - [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 193 - [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 194 - [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 195 - [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 196 - [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 197 - [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 198 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 199 - [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 200 - [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 201 - [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 202 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 203 - [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 204 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 205 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 206 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 207 - [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 208 - [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 209 - [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 210 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 211 - [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 212 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 213 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 214 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 215 - [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 216 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 217 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 218 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 219 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 220 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 221 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 222 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], // 223 - [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 224 - [ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 225 - [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 226 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 227 - [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 228 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 229 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 230 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 231 - [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 232 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 233 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 234 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 235 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 236 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 237 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 238 - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 239 - [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 240 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 241 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 242 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 243 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 244 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 245 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 246 - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 247 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 248 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 249 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 250 - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 251 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 252 - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 253 - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 254 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], // 255 -]; - -#[inline(always)] -pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { - let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - - // The input bytes can be interpreted as a sequence of serialized - // 12-bit (i.e. uncompressed) coefficients. Not all coefficients may be - // less than FIELD_MODULUS though. - let potential_coefficients = deserialize_12(input); - - // Suppose we view |potential_coefficients| as follows (grouping 64-bit elements): - // - // A B C D | E F G H | .... - // - // and A < 3329, D < 3329 and H < 3329, |compare_with_field_modulus| will look like: - // - // 0xFF 0 0 0xFF | 0 0 0 0xFF | ... - let compare_with_field_modulus = mm256_cmpgt_epi16(field_modulus, potential_coefficients); - - // Since every bit in each lane is either 0 or 1, we only need one bit from - // each lane in the register to tell us what coefficients to keep and what - // to throw-away. Combine all the bits (there are 16) into two bytes. - let good = serialize_1(compare_with_field_modulus); - - // Each bit (and its corresponding position) represents an element we - // want to sample. We'd like all such elements to be next to each other starting - // at index 0, so that they can be read from the vector easily. - // |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level shuffling indices - // needed to make this happen. - // - // For e.g. if good[0] = 0b0_0_0_0_0_0_1_0, we need to move the element in - // the 2-nd 16-bit lane to the first. To do this, we need the byte-level - // shuffle indices to be 2 3 X X X X ... - let lower_shuffles = REJECTION_SAMPLE_SHUFFLE_TABLE[good[0] as usize]; - - // Shuffle the lower 8 16-bits accordingly ... - let lower_shuffles = mm_loadu_si128(&lower_shuffles); - let lower_coefficients = mm256_castsi256_si128(potential_coefficients); - let lower_coefficients = mm_shuffle_epi8(lower_coefficients, lower_shuffles); - - // ... then write them out ... - mm_storeu_si128(&mut output[0..8], lower_coefficients); - - // ... and finally count the number of bits of |good[0]| so we know how many - // were actually sampled - let sampled_count = good[0].count_ones() as usize; - - // Do the same for |goood[1]| - let upper_shuffles = REJECTION_SAMPLE_SHUFFLE_TABLE[good[1] as usize]; - let upper_shuffles = mm_loadu_si128(&upper_shuffles); - let upper_coefficients = mm256_extracti128_si256::<1>(potential_coefficients); - let upper_coefficients = mm_shuffle_epi8(upper_coefficients, upper_shuffles); - - mm_storeu_si128( - &mut output[sampled_count..sampled_count + 8], - upper_coefficients, - ); - - sampled_count + (good[1].count_ones() as usize) -} From bc325018794e1fb6a85b951ed8a9a8bd79aea7f4 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 11 Jun 2024 11:24:09 +0200 Subject: [PATCH 51/74] re-extract F* --- .../extraction/Libcrux_intrinsics.Avx2.fsti | 199 + libcrux-ml-kem/hax.py | 97 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 11 +- .../Libcrux_ml_kem.Constant_time_ops.fsti | 18 +- .../extraction/Libcrux_ml_kem.Constants.fsti | 22 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 37 +- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 53 +- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 61 +- .../Libcrux_ml_kem.Hash_functions.fsti | 6 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 56 + ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 37 + ...ml_kem.Ind_cca.Instantiations.Portable.fst | 56 + ...l_kem.Ind_cca.Instantiations.Portable.fsti | 37 + .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 116 + .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 33 + .../extraction/Libcrux_ml_kem.Ind_cca.fst | 407 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 69 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 286 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 211 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 129 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 30 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 184 +- .../extraction/Libcrux_ml_kem.Matrix.fsti | 53 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 44 + .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 36 + .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 44 + .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 36 + .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 24 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 73 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 42 + .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 36 + .../Libcrux_ml_kem.Mlkem512.Portable.fst | 42 + .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 36 + .../extraction/Libcrux_ml_kem.Mlkem512.fst | 23 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 73 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 44 + .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 36 + .../Libcrux_ml_kem.Mlkem768.Portable.fst | 44 + .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 36 + .../extraction/Libcrux_ml_kem.Mlkem768.fst | 24 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 79 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 176 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 38 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 195 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 72 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 124 +- .../extraction/Libcrux_ml_kem.Sampling.fsti | 45 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 386 +- .../extraction/Libcrux_ml_kem.Serialize.fsti | 98 +- .../Libcrux_ml_kem.Types.Index_impls.fsti | 679 +++ .../fstar/extraction/Libcrux_ml_kem.Types.fst | 18 +- .../extraction/Libcrux_ml_kem.Types.fsti | 24 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 42 + .../extraction/Libcrux_ml_kem.Utils.fsti | 8 + .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 150 + ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 41 + .../Libcrux_ml_kem.Vector.Avx2.Compress.fst | 178 + .../Libcrux_ml_kem.Vector.Avx2.Compress.fsti | 20 + .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 211 + .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 27 + .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 423 ++ .../Libcrux_ml_kem.Vector.Avx2.Portable.fsti | 23 + .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 78 + .../Libcrux_ml_kem.Vector.Avx2.Sampling.fsti | 7 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 537 ++ .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 40 + .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 17 + .../Libcrux_ml_kem.Vector.Avx2.fsti | 394 ++ .../Libcrux_ml_kem.Vector.Portable.fsti | 6 + ...ibcrux_ml_kem.Vector.Rej_sample_table.fsti | 7 + .../Libcrux_ml_kem.Vector.Traits.fst | 32 + .../Libcrux_ml_kem.Vector.Traits.fsti | 202 + .../extraction/Libcrux_ml_kem.Vector.fst | 4871 +++++++++++++++++ .../extraction/Libcrux_ml_kem.Vector.fsti | 729 +++ .../Libcrux_sha3.Avx2.X4.Incremental.fsti | 46 + .../extraction/Libcrux_sha3.Avx2.X4.fsti | 15 + .../Libcrux_sha3.Generic_keccak.fst | 255 + .../Libcrux_sha3.Generic_keccak.fsti | 13 + .../Libcrux_sha3.Neon.X2.Incremental.fsti | 40 + .../extraction/Libcrux_sha3.Neon.X2.fsti | 14 + .../fstar/extraction/Libcrux_sha3.Neon.fsti | 24 + .../Libcrux_sha3.Portable.Incremental.fsti | 30 + .../extraction/Libcrux_sha3.Portable.fst | 34 + .../extraction/Libcrux_sha3.Portable.fsti | 26 + .../Libcrux_sha3.Portable_keccak.fst | 187 + .../Libcrux_sha3.Portable_keccak.fsti | 218 + .../extraction/Libcrux_sha3.Simd.Avx2.fst | 214 + .../extraction/Libcrux_sha3.Simd.Avx2.fsti | 256 + .../fstar/extraction/Libcrux_sha3.Traits.fst | 61 + .../fstar/extraction/Libcrux_sha3.Traits.fsti | 27 + .../proofs/fstar/extraction/Libcrux_sha3.fsti | 66 +- libcrux-sha3/src/generic_keccak.rs | 47 +- libcrux-sha3/src/portable_keccak.rs | 2 +- libcrux-sha3/src/simd/avx2.rs | 2 +- libcrux-sha3/src/traits.rs | 39 +- .../extraction/Libcrux_platform.X86.fsti | 51 + 96 files changed, 12947 insertions(+), 1598 deletions(-) create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti create mode 100644 sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti new file mode 100644 index 000000000..2a049de11 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti @@ -0,0 +1,199 @@ +module Libcrux_intrinsics.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_Vec128 = Core.Core_arch.X86.t____m128i + +unfold +let t_Vec256 = Core.Core_arch.X86.t____m256i + +val mm256_add_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_add_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_and_si256 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_andnot_si256 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_castsi128_si256 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_castsi256_si128 (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_cmpgt_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_cvtepi16_epi32 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_extracti128_si256 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_inserti128_si256 + (v_CONTROL: i32) + (vector: Core.Core_arch.X86.t____m256i) + (vector_i128: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_loadu_si256_i16 (input: t_Slice i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_loadu_si256_u8 (input: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_madd_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mul_epu32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mulhi_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mullo_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mullo_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_packs_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permute2x128_si256 (v_IMM8: i32) (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permutevar8x32_epi32 (vector control: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi16 (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi32 (constant: i32) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi64x (a: i64) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi16 + (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: + i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi8 + (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + i8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_setzero_si256: Prims.unit + -> Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_shuffle_epi8 (vector control: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi64 (v_LEFT: i32) (x: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_sllv_epi32 (vector counts: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val mm256_sub_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpackhi_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpackhi_epi64 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpacklo_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpacklo_epi64 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_xor_si256 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm_add_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_loadu_si128 (input: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_movemask_epi8 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val mm_mulhi_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_mullo_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_packs_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_set1_epi16 (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_set_epi8 + (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + u8) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_shuffle_epi8 (vector control: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val mm_storeu_si128 (output: t_Slice i16) (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +val mm_sub_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 4f919a746..dfe92840c 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -28,57 +28,81 @@ def shell(command, expect=0, cwd=None, env={}): class extractAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: - # Extract platform and sha3 interfaces - # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" - # interface_include = "+!**" - # cargo_hax_into = [ - # "cargo", - # "hax", - # "into", - # "-i", - # include_str, - # "fstar", - # "--interfaces", - # interface_include, - # ] - # hax_env = {} - # shell( - # cargo_hax_into, - # cwd="../libcrux-sha3", - # env=hax_env, - # ) - - # Extract avx2 - # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" - # interface_include = "+!**" + # Extract sha3 interfaces + includes = [ + "+:**", + "-libcrux_sha3::generic_keccak::**", + "+libcrux_sha3::generic_keccak::KeccakState", + "-libcrux_sha3::simd::**", + "-libcrux_sha3::portable_keccak::**", + "-libcrux_sha3::neon::keccakx2", + "-libcrux_sha3::portable::keccakx1", + "-libcrux_sha3::traits::internal::**", + ] + include_str = " ".join(includes) + interface_include = "+**" cargo_hax_into = [ "cargo", "hax", "into", + "-i", + include_str, "fstar", + "--interfaces", + interface_include, ] hax_env = {} shell( cargo_hax_into, - cwd="../polynomials-avx2", + cwd="../libcrux-sha3", env=hax_env, ) - # Extract ml-kem - includes = [ - "-libcrux_platform::macos_arm::*", - "+!libcrux_platform::platform::*", - "-libcrux_ml_kem::types::index_impls::**", + # Extract platform interfaces + include_str = "+:**" + interface_include = "+**" + cargo_hax_into = [ + "cargo", + "hax", + "into", + "-i", + include_str, + "fstar", + "--interfaces", + interface_include, ] - include_str = " ".join(includes) - interfaces = [ - "+*", - "-libcrux::kem::kyber::types", - "+!libcrux_platform::**", - "+!libcrux::digest::**", + hax_env = {} + shell( + cargo_hax_into, + cwd="../sys/platform", + env=hax_env, + ) + + # Extract intrinsics interfaces + include_str = "+:**" + interface_include = "+**" + cargo_hax_into = [ + "cargo", + "hax", + "into", + "-i", + include_str, + "fstar", + "--interfaces", + interface_include, ] - interface_include = " ".join(interfaces) + hax_env = {} + shell( + cargo_hax_into, + cwd="../libcrux-intrinsics", + env=hax_env, + ) + + # Extract ml-kem + include_str = "+:** -libcrux_ml_kem::types::index_impls::**" + interface_include = "+*" cargo_hax_into = [ "cargo", "hax", @@ -99,6 +123,7 @@ def __call__(self, parser, args, values, option_string=None) -> None: class proveAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: admit_env = {} if args.admit: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index e1d961468..410036b86 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -14,10 +14,9 @@ let is_non_zero (value: u8) = let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE } <: Core.Ops.Range.t_Range usize) <: @@ -34,7 +33,9 @@ let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index fa256358d..560d2964d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -3,35 +3,35 @@ module Libcrux_ml_kem.Constant_time_ops open Core open FStar.Mul -/// Return 1 if `value` is not zero and 0 otherwise. -val is_non_zero (value: u8) +/// Return 1 if the bytes of `lhs` and `rhs` do not exactly +/// match and 0 otherwise. +val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) : Prims.Pure u8 Prims.l_True (ensures fun result -> let result:u8 = result in - Hax_lib.implies (value =. 0uy <: bool) + Hax_lib.implies (lhs =. rhs <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 0uy <: bool) && - Hax_lib.implies (value <>. 0uy <: bool) + Hax_lib.implies (lhs <>. rhs <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 1uy <: bool)) -/// Return 1 if the bytes of `lhs` and `rhs` do not exactly -/// match and 0 otherwise. -val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) +/// Return 1 if `value` is not zero and 0 otherwise. +val is_non_zero (value: u8) : Prims.Pure u8 Prims.l_True (ensures fun result -> let result:u8 = result in - Hax_lib.implies (lhs =. rhs <: bool) + Hax_lib.implies (value =. 0uy <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 0uy <: bool) && - Hax_lib.implies (lhs <>. rhs <: bool) + Hax_lib.implies (value <>. 0uy <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 1uy <: bool)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 775204a6c..690228f5a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -4,27 +4,27 @@ open Core open FStar.Mul /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent -let v_BITS_PER_COEFFICIENT: usize = sz 12 - -/// Coefficients per ring element -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_BITS_PER_COEFFICIENT: usize = Rust_primitives.Hax.dropped_body /// Bits required per (uncompressed) ring element -let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 +let v_BITS_PER_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body /// Bytes required per (uncompressed) ring element -let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 +let v_BYTES_PER_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body + +/// Coefficients per ring element +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// SHA3 512 digest size -let v_G_DIGEST_SIZE: usize = sz 64 +let v_G_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body /// SHA3 256 digest size -let v_H_DIGEST_SIZE: usize = sz 32 +let v_H_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body /// The size of an ML-KEM shared secret. -let v_SHARED_SECRET_SIZE: usize = sz 32 +let v_SHARED_SECRET_SIZE: usize = Rust_primitives.Hax.dropped_body /// Field modulus: 3329 -let v__FIELD_MODULUS: i16 = 3329s +let v__FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index a1c8ed093..2a2d9ad5f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -6,9 +6,7 @@ open FStar.Mul /// The state. /// It's only used for SHAKE128. /// All other functions don't actually use any members. -type t_Simd256Hash = { - f_shake128_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i -} +type t_Simd256Hash = { f_shake128_state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 } [@@ FStar.Tactics.Typeclasses.tcinstance] let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = @@ -35,7 +33,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 digest input in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -43,7 +41,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out: t_Array (t_Array u8 v_LEN) v_K) + (out1: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -62,7 +60,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - Libcrux_sha3.Avx2.X4.shake256xN v_LEN v_K input); + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K + in + let _:Prims.unit = "failure" in + out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post = @@ -83,9 +85,10 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i = - Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_finalxN v_K input + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_init () in + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = "failure" in { f_shake128_state = state } <: t_Simd256Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_three_blocks_post @@ -107,12 +110,12 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) - Core.Core_arch.X86.t____m256i & - t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504) + ) + v_K in - let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let _:Prims.unit = "failure" in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); @@ -135,11 +138,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i & - t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_sha3.Avx2.X4.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) + v_K in - let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let _:Prims.unit = "failure" in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 9b65ef28b..73dfe8d29 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -7,8 +7,7 @@ open FStar.Mul /// It's only used for SHAKE128. /// All other functions don't actually use any members. type t_Simd128Hash = { - f_shake128_state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) + f_shake128_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -36,7 +35,13 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Neon.shake256 v_LEN digest input in + let dummy:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 input input digest dummy + in + let digest:t_Array u8 v_LEN = tmp0 in + let dummy:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -44,7 +49,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out: t_Array (t_Array u8 v_LEN) v_K) + (out1: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -63,7 +68,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - Libcrux_sha3.Neon.X2.shake256xN v_LEN v_K input); + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K + in + let _:Prims.unit = "failure" in + out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post = @@ -84,10 +93,17 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) = - Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_finalxN v_K input + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + let list = + [ + Libcrux_sha3.Neon.X2.Incremental.shake128_init (); + Libcrux_sha3.Neon.X2.Incremental.shake128_init () + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = "failure" in { f_shake128_state = state } <: t_Simd128Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_three_blocks_post @@ -109,18 +125,18 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let tmp0, out:(t_Array - (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) (sz 2) & - t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504) + ) + v_K in - let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in + let _:Prims.unit = "failure" in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_block_post = - (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + (fun (self: t_Simd128Hash) (out4: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); f_shake128_squeeze_block = fun (self: t_Simd128Hash) -> @@ -137,12 +153,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let tmp0, out:(t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) & - t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) + v_K in - let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in + let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) = "failure" in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 8e0d569e7..d76d909e8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -7,7 +7,7 @@ open FStar.Mul /// It's only used for SHAKE128. /// All other functions don't actually use any members. type t_PortableHash (v_K: usize) = { - f_shake128_state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K + f_shake128_state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -35,7 +35,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 digest input in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -66,10 +66,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in let out:t_Array (t_Array u8 v_LEN) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -80,8 +79,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i - (Libcrux_sha3.Portable.shake256 v_LEN - (out.[ i ] <: t_Array u8 v_LEN) + (Libcrux_sha3.Portable.shake256 (out.[ i ] <: t_Array u8 v_LEN) (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 33)) <: t_Slice u8) <: t_Array u8 v_LEN) @@ -109,37 +107,34 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K in () in - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = Rust_primitives.Hax.repeat (Libcrux_sha3.Portable.Incremental.shake128_init () <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) v_K in - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) state (fun state i -> - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = - state - in + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = state in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state i (Libcrux_sha3.Portable.Incremental.shake128_absorb_final (state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) <: - t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K) + t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K) in { f_shake128_state = state } <: t_PortableHash v_K); f_shake128_squeeze_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true); @@ -172,10 +167,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K v_K in let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -184,12 +178,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K (fun temp_0_ i -> let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = temp_0_ in let i:usize = i in - let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & - t_Array u8 (sz 504)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState1 & t_Array u8 (sz 504)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_three_blocks (self .f_shake128_state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (out.[ i ] <: t_Array u8 (sz 504)) in let self:t_PortableHash v_K = @@ -241,10 +234,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K v_K in let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -253,12 +245,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K (fun temp_0_ i -> let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = temp_0_ in let i:usize = i in - let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & - t_Array u8 (sz 168)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState1 & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (out.[ i ] <: t_Array u8 (sz 168)) in let self:t_PortableHash v_K = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 6c37b4454..9c5c2c468 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -9,7 +9,7 @@ open FStar.Mul /// - AVX2 /// - NEON /// - Portable -class t_Hash (v_Self: Type) (v_K: usize) = { +class t_Hash (v_Self: Type0) (v_K: usize) = { f_G_pre:t_Slice u8 -> bool; f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> bool; f_G:x0: t_Slice u8 @@ -51,7 +51,7 @@ class t_Hash (v_Self: Type) (v_K: usize) = { } /// The SHA3 block size. -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = Rust_primitives.Hax.dropped_body /// The size of 3 SHA3 blocks. -let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 +let v_THREE_BLOCKS: usize = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst new file mode 100644 index 000000000..1b7adcd0d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti new file mode 100644 index 000000000..5c35e7373 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -0,0 +1,37 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Portable decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Portable encapsualte +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Portable generate key pair. +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst new file mode 100644 index 000000000..e94abdbc5 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector in + () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti new file mode 100644 index 000000000..417351f41 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -0,0 +1,37 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Portable decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Portable encapsualte +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Portable generate key pair. +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst new file mode 100644 index 000000000..681fc0e37 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -0,0 +1,116 @@ +module Libcrux_ml_kem.Ind_cca.Multiplexing +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti new file mode 100644 index 000000000..f94109b2d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -0,0 +1,33 @@ +module Libcrux_ml_kem.Ind_cca.Multiplexing +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9b5b0ea1c..0b2ab9311 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -3,9 +3,17 @@ module Libcrux_ml_kem.Ind_cca open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + let serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) - (#v_Hasher: Type) + (#v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -17,15 +25,16 @@ let serialize_kem_secret_key Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; - Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len private_key <: usize) <: usize + Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len private_key <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -35,20 +44,21 @@ let serialize_kem_secret_key <: t_Slice u8) in - let pointer:usize = pointer +! (Core.Slice.impl__len private_key <: usize) in + let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; - Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len public_key <: usize) <: usize + Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len public_key <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -58,7 +68,7 @@ let serialize_kem_secret_key <: t_Slice u8) in - let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in + let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ @@ -67,7 +77,8 @@ let serialize_kem_secret_key } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize } @@ -75,7 +86,7 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K public_key + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher v_K public_key <: t_Array u8 (sz 32)) <: @@ -90,15 +101,16 @@ let serialize_kem_secret_key Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len implicit_rejection_value <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len implicit_rejection_value <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -110,15 +122,18 @@ let serialize_kem_secret_key in out -let validate_public_key_generic +let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE v_K + #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeTo usize ] @@ -129,6 +144,7 @@ let validate_public_key_generic Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE + #v_Vector deserialized_pk (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: @@ -138,50 +154,13 @@ let validate_public_key_generic in public_key =. public_key_serialized -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist2:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key) - <: - Core.Ops.Control_flow.t_ControlFlow bool Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist2) - <: - Core.Ops.Control_flow.t_ControlFlow bool bool - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - <: - bool - else - validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - <: - bool) - <: - Core.Ops.Control_flow.t_ControlFlow bool bool) - -let decapsulate_generic +let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -189,13 +168,15 @@ let decapsulate_generic (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Libcrux_ml_kem.Types.impl_12__split_at v_SECRET_KEY_SIZE private_key v_CPA_SECRET_KEY_SIZE + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key v_PUBLIC_KEY_SIZE + Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE in let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE + Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K @@ -203,21 +184,20 @@ let decapsulate_generic v_C1_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector ind_cpa_secret_key ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Ind_cpa.into_padded_array (sz 64) - (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -227,15 +207,16 @@ let decapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Libcrux_ml_kem.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE implicit_rejection_value in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = @@ -243,94 +224,52 @@ let decapsulate_generic ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + ciphertext + <: + t_Slice u8) <: t_Slice u8) in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_PRF v_K (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + v_K + (sz 32) + (Rust_primitives.unsize to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted - pseudorandomness + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key + decrypted pseudorandomness in let selector:u8 = Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE - (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + ciphertext + <: + t_Slice u8) (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) in Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) selector -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist3:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist3) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - let! hoist4:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist4) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext - <: - t_Array u8 (sz 32)) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) - (Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)))) - -let encapsulate_generic +let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -338,22 +277,21 @@ let encapsulate_generic (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Ind_cpa.into_padded_array (sz 64) - (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + v_K (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: @@ -368,16 +306,17 @@ let encapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -386,86 +325,42 @@ let encapsulate_generic in let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let shared_secret_array:t_Array u8 (sz 32) = - Core.Slice.impl__copy_from_slice shared_secret_array shared_secret + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret in - Core.Convert.f_into ciphertext, shared_secret_array + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + ciphertext, + shared_secret_array <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist5:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - let! hoist6:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist6) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)))) - -let generate_keypair_generic +let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) + (randomness: t_Array u8 (sz 64)) = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = Libcrux_ml_kem.Ind_cpa.generate_keypair v_K @@ -474,91 +369,29 @@ let generate_keypair_generic v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE + #v_Hasher (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) (Rust_primitives.unsize public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = - Core.Convert.f_from secret_key_serialized + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + #(t_Array u8 v_PRIVATE_KEY_SIZE) + secret_key_serialized in Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key - (Core.Convert.f_into public_key <: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - if true && true && Libcrux_platform.Platform.simd256_support () - then - let! hoist7:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist7) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && Libcrux_platform.Platform.simd128_support () - then - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value - else - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)) + (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #(t_Array u8 v_PUBLIC_KEY_SIZE) + public_key + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 0b669d301..2731071c5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -3,91 +3,70 @@ module Libcrux_ml_kem.Ind_cca open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// An ML-KEM shared secret. /// A byte array of size [`SHARED_SECRET_SIZE`]. unfold let t_MlKemSharedSecret = t_Array u8 (sz 32) /// Seed size for encapsulation -let v_ENCAPS_SEED_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ENCAPS_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// Seed size for key generation -let v_KEY_GENERATION_SEED_SIZE: usize = - Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// Serialize the secret key. val serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) - (#v_Hasher: Type) + (#v_Hasher: Type0) {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) -val validate_public_key_generic - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val decapsulate_generic - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate_generic - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val generate_keypair_generic - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) - +/// Generate a key pair. +/// Depending on the `Vector` and `Hasher` used, this requires different hardware +/// features val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 97b66b4f4..bf1e03308 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -3,44 +3,19 @@ module Libcrux_ml_kem.Ind_cpa open Core open FStar.Mul -let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let out:t_Array u8 v_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - slice - <: - t_Slice u8) - in - out +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () let sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -48,19 +23,19 @@ let sample_ring_element_cbd (domain_separator: u8) = let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -85,13 +60,12 @@ let sample_ring_element_cbd in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = - Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA2_RANDOMNESS_SIZE prf_inputs + Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher v_K v_ETA2_RANDOMNESS_SIZE prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -105,6 +79,7 @@ let sample_ring_element_cbd Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) <: t_Slice u8) @@ -119,8 +94,10 @@ let sample_ring_element_cbd let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -128,19 +105,19 @@ let sample_vector_cbd_then_ntt (domain_separator: u8) = let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -165,13 +142,12 @@ let sample_vector_cbd_then_ntt in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = - Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA_RANDOMNESS_SIZE prf_inputs + Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher v_K v_ETA_RANDOMNESS_SIZE prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -186,6 +162,7 @@ let sample_vector_cbd_then_ntt Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA + #v_Vector (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) <: t_Slice u8) @@ -195,9 +172,8 @@ let sample_vector_cbd_then_ntt let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt i - (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element (re_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element #v_Vector + (re_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -209,14 +185,22 @@ let sample_vector_cbd_then_ntt let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) = let out, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter input + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + input <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -241,7 +225,8 @@ let compress_then_serialize_u } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; Core.Ops.Range.f_end = @@ -254,6 +239,7 @@ let compress_then_serialize_u (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR v_BLOCK_LEN + #v_Vector re <: t_Array u8 v_BLOCK_LEN) @@ -268,21 +254,27 @@ let compress_then_serialize_u let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + (Rust_primitives.unsize ciphertext <: t_Slice u8) ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: @@ -306,6 +298,7 @@ let deserialize_then_decompress_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR + #v_Vector u_bytes <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -314,6 +307,7 @@ let deserialize_then_decompress_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR + #v_Vector (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -325,8 +319,10 @@ let deserialize_then_decompress_u let encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -337,6 +333,7 @@ let encrypt let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE v_K + #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] @@ -351,40 +348,53 @@ let encrypt let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Libcrux_ml_kem.Matrix.sample_matrix_A v_K - (into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + #v_Vector + #v_Hasher + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) false in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + in let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy in let error_1_, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator + sample_ring_element_cbd v_K + v_ETA2_RANDOMNESS_SIZE + v_ETA2 + #v_Vector + #v_Hasher + prf_input + domain_separator in let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator in let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.f_PRF v_K + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + v_K v_ETA2_RANDOMNESS_SIZE (Rust_primitives.unsize prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector (Rust_primitives.unsize prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_ + Libcrux_ml_kem.Matrix.compute_vector_u v_K #v_Vector v_A_transpose r_as_ntt error_1_ in let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_message message + Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message in let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Matrix.compute_ring_element_v v_K + #v_Vector tt_as_ntt r_as_ntt error_2_ @@ -400,6 +410,7 @@ let encrypt v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN + #v_Vector u (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } <: @@ -414,6 +425,7 @@ let encrypt ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR v_C2_LEN + #v_Vector v (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -425,21 +437,27 @@ let encrypt let deserialize_secret_key (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (secret_key: t_Slice u8) = let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact secret_key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + secret_key Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) @@ -456,7 +474,8 @@ let deserialize_secret_key let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt i - (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element secret_bytes + (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector + secret_bytes <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -467,16 +486,19 @@ let deserialize_secret_key let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext + deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext in let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR + #v_Vector (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] @@ -484,23 +506,31 @@ let decrypt t_Slice u8) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_secret_key v_K secret_key + deserialize_secret_key v_K #v_Vector secret_key in let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_message v_K v secret_as_ntt u_as_ntt + Libcrux_ml_kem.Matrix.compute_message v_K #v_Vector v secret_as_ntt u_as_ntt in - Libcrux_ml_kem.Serialize.compress_then_serialize_message message + Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message let serialize_secret_key (v_K v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + key <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -529,7 +559,8 @@ let serialize_secret_key } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; @@ -544,6 +575,7 @@ let serialize_secret_key <: t_Slice u8) (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element + #v_Vector re <: t_Array u8 (sz 384)) @@ -558,8 +590,10 @@ let serialize_secret_key let serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) = @@ -571,7 +605,8 @@ let serialize_public_key ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (public_key_serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (public_key_serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -581,6 +616,7 @@ let serialize_public_key t_Slice u8) (Rust_primitives.unsize (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT + #v_Vector tt_as_ntt <: t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) @@ -594,9 +630,8 @@ let serialize_public_key ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (public_key_serialized.[ { - Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT - } + (Core.Slice.impl__copy_from_slice #u8 + (public_key_serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -610,43 +645,60 @@ let serialize_public_key let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) = - let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G v_K key_generation_seed in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K key_generation_seed + in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Libcrux_ml_kem.Matrix.sample_matrix_A v_K - (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + #v_Vector + #v_Hasher + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) true in let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - into_padded_array (sz 33) seed_for_secret_and_error + Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error in let secret_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy in let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 ) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator + sample_vector_cbd_then_ntt v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + domain_separator in let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector v_A_transpose secret_as_ntt error_as_ntt in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + tt_as_ntt + seed_for_A in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt + serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector secret_as_ntt in secret_key_serialized, public_key_serialized <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ca613d980..7b73f0062 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -3,54 +3,39 @@ module Libcrux_ml_kem.Ind_cpa open Core open FStar.Mul -/// Pad the `slice` with `0`s at the end. -val into_padded_array (v_LEN: usize) (slice: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () -/// Sample a vector of ring elements from a centered binomial distribution. -val sample_ring_element_cbd - (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) - (domain_separator: u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Sample a vector of ring elements from a centered binomial distribution and -/// convert them into their NTT representations. -val sample_vector_cbd_then_ntt - (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) - (domain_separator: u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Call [`compress_then_serialize_ring_element_u`] on each ring element. -val compress_then_serialize_u - (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (out: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - -/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element -/// in the `ciphertext`. -val deserialize_then_decompress_u - (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} +/// This function implements Algorithm 14 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. +/// Algorithm 14 is reproduced below: +/// ```plaintext +/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. +/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. +/// Output: message m ∈ 𝔹^{32}. +/// c₁ ← c[0 : 32dᵤk] +/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] +/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) +/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) +/// ŝ ← ByteDecode₁₂(dkₚₖₑ) +/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) +/// m ← ByteEncode₁(Compress₁(w)) +/// return m +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . +val decrypt + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -90,68 +75,14 @@ val deserialize_then_decompress_u val encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -val deserialize_secret_key - (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (secret_key: t_Slice u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - -/// This function implements Algorithm 14 of the -/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. -/// Algorithm 14 is reproduced below: -/// ```plaintext -/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. -/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. -/// Output: message m ∈ 𝔹^{32}. -/// c₁ ← c[0 : 32dᵤk] -/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] -/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) -/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) -/// ŝ ← ByteDecode₁₂(dkₚₖₑ) -/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) -/// m ← ByteEncode₁(Compress₁(w)) -/// return m -/// ``` -/// The NIST FIPS 203 standard can be found at -/// . -val decrypt - (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: - usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (secret_key: t_Slice u8) - (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Call [`serialize_uncompressed_ring_element`] for each ring element. -val serialize_secret_key - (v_K v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) - -/// Concatenate `t` and `ρ` into the public key. -val serialize_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (seed_for_a: t_Slice u8) - : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. /// We say "most of" since Algorithm 12 samples the required randomness within @@ -188,10 +119,82 @@ val serialize_public_key val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`compress_then_serialize_ring_element_u`] on each ring element. +val compress_then_serialize_u + (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (out: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +val deserialize_secret_key + (v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (secret_key: t_Slice u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element +/// in the `ciphertext`. +val deserialize_then_decompress_u + (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Sample a vector of ring elements from a centered binomial distribution. +val sample_ring_element_cbd + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Sample a vector of ring elements from a centered binomial distribution and +/// convert them into their NTT representations. +val sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Concatenate `t` and `ρ` into the public key. +val serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`serialize_uncompressed_ring_element`] for each ring element. +val serialize_secret_key + (v_K v_OUT_LEN: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 68da4db0b..34e6fbf5e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -3,30 +3,42 @@ module Libcrux_ml_kem.Invert_ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let inv_ntt_layer_int_vec_step_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a b: v_Vector) (zeta_r: i16) = - let a_minus_b:v_Vector = Libcrux_traits.f_sub b a in - let a:v_Vector = Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add a b <: v_Vector) in - let b:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer a_minus_b zeta_r in + let a_minus_b:v_Vector = Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector b a in + let a:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector a b <: v_Vector) + in + let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) let invert_ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -46,10 +58,8 @@ let invert_ntt_at_layer_1_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_1_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] @@ -75,18 +85,19 @@ let invert_ntt_at_layer_1_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -106,10 +117,8 @@ let invert_ntt_at_layer_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_2_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] @@ -127,18 +136,19 @@ let invert_ntt_at_layer_2_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -158,10 +168,8 @@ let invert_ntt_at_layer_3_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_3_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) <: v_Vector) @@ -174,8 +182,10 @@ let invert_ntt_at_layer_3_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_4_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) @@ -183,10 +193,9 @@ let invert_ntt_at_layer_4_plus let step:usize = sz 1 <>! layer <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 128 >>! layer <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -199,10 +208,14 @@ let invert_ntt_at_layer_4_plus let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let offset_vec:usize = + offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + in + let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = offset_vec; Core.Ops.Range.f_end = offset_vec +! step_vec <: usize } @@ -215,10 +228,8 @@ let invert_ntt_at_layer_4_plus let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let x, y:(v_Vector & v_Vector) = - inv_ntt_layer_int_vec_step_reduce (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - j ] - <: - v_Vector) + inv_ntt_layer_int_vec_step_reduce #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) @@ -258,56 +269,58 @@ let invert_ntt_at_layer_4_plus let invert_ntt_montgomery (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_1_ zeta_i re (sz 1) + invert_ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_2_ zeta_i re (sz 2) + invert_ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_3_ zeta_i re (sz 3) + invert_ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 4) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 5) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 6) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 7) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index a000597eb..ffe255831 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -3,16 +3,22 @@ module Libcrux_ml_kem.Invert_ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val inv_ntt_layer_int_vec_step_reduce - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -21,8 +27,8 @@ val invert_ntt_at_layer_1_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -31,8 +37,8 @@ val invert_ntt_at_layer_2_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -41,8 +47,8 @@ val invert_ntt_at_layer_3_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_4_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) @@ -52,8 +58,8 @@ val invert_ntt_at_layer_4_plus val invert_ntt_montgomery (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index f12b7df16..cb7647bee 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -3,26 +3,42 @@ module Libcrux_ml_kem.Matrix open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + let compute_As_plus_e (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Slice.impl__iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -47,8 +63,14 @@ let compute_As_plus_e temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize row + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -73,14 +95,16 @@ let compute_As_plus_e temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply matrix_element + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K + (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + v_K (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -93,9 +117,8 @@ let compute_As_plus_e let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce (result.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce #v_Vector + (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -106,19 +129,20 @@ let compute_As_plus_e let compute_ring_element_v (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt r_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -128,43 +152,51 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply (tt_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (r_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product + Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product in result) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce error_2_ message result + Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce #v_Vector error_2_ message result in result let compute_vector_u (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a_as_ntt: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Slice.impl__iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize a_as_ntt <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -189,8 +221,14 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize row + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -215,14 +253,16 @@ let compute_vector_u temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply a_element + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + a_element (r_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K + (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + v_K (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -236,6 +276,7 @@ let compute_vector_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i (Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K + #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -243,9 +284,8 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_error_reduce (result.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Polynomial.impl__add_error_reduce #v_Vector + (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -256,20 +296,21 @@ let compute_vector_u let compute_message (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (secret_as_ntt u_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -279,28 +320,29 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply (secret_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product + Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product in result) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__subtract_reduce v result + Libcrux_ml_kem.Polynomial.impl__subtract_reduce #v_Vector v result in result let sample_matrix_A (v_K: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -309,13 +351,15 @@ let sample_matrix_A = let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K (fun v__i -> let v__i:usize = v__i in - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -323,10 +367,9 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -340,10 +383,9 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -377,10 +419,16 @@ let sample_matrix_A seeds) in let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Sampling.sample_from_xof v_K seeds + Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter sampled + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + sampled <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 959f17ca0..9b53942d2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -3,11 +3,18 @@ module Libcrux_ml_kem.Matrix open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// Compute  ◦ ŝ + ê val compute_As_plus_e (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: @@ -16,11 +23,26 @@ val compute_As_plus_e Prims.l_True (fun _ -> Prims.l_True) +/// The following functions compute various expressions involving +/// vectors and matrices. The computation of these expressions has been +/// abstracted away into these functions in order to save on loop iterations. +/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) +val compute_message + (v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (secret_as_ntt u_as_ntt: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message val compute_ring_element_v (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (tt_as_ntt r_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -30,8 +52,8 @@ val compute_ring_element_v /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ val compute_vector_u (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a_as_ntt: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -39,25 +61,10 @@ val compute_vector_u Prims.l_True (fun _ -> Prims.l_True) -/// The following functions compute various expressions involving -/// vectors and matrices. The computation of these expressions has been -/// abstracted away into these functions in order to save on loop iterations. -/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) -val compute_message - (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (secret_as_ntt u_as_ntt: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True - (fun _ -> Prims.l_True) - val sample_matrix_A (v_K: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seed: t_Array u8 (sz 34)) (transpose: bool) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst new file mode 100644 index 000000000..a6c49635b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) + (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1600) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti new file mode 100644 index 000000000..b3c9a6920 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst new file mode 100644 index 000000000..65878c0fb --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem1024.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) + (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1600) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti new file mode 100644 index 000000000..e09969dff --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem1024.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index c7a2eaafa..a0e43d2ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -7,13 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key - ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) (sz 1536) (sz 1568) public_key.Libcrux_ml_kem.Types.f_value @@ -26,15 +33,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) - (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 4) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) (sz 1536) (sz 3168) (sz 1568) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 34785554b..f8c25b6fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_C1_BLOCK_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_1024_: usize = sz 4 +let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = - ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = - (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = - ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_1024_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_1024_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_ +let v_RANK_1024_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5 +let v_SECRET_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_1024_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ +let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 1024 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem1024PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 1024 Key pair unfold let t_MlKem1024KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst new file mode 100644 index 000000000..671c9d2ba --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Mlkem512.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti new file mode 100644 index 000000000..8504c458d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem512.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst new file mode 100644 index 000000000..021b912b0 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Mlkem512.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti new file mode 100644 index 000000000..a069aea6f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem512.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 520065dfa..b3252faa0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -7,12 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) (sz 768) (sz 800) public_key.Libcrux_ml_kem.Types.f_value @@ -23,15 +31,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 8 else Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) - (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 2) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) (sz 768) (sz 1632) (sz 800) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index da84a9270..155d70c2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let v_ETA1: usize = sz 3 +let v_C1_BLOCK_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_512_: usize = sz 2 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_512_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ +let v_RANK_512_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_SECRET_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 512 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem512PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 512 Key pair unfold let t_MlKem512KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst new file mode 100644 index 000000000..ae68d3994 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem768.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) + (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1120) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti new file mode 100644 index 000000000..4c9e0045a --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem768.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst new file mode 100644 index 000000000..9c5cf8365 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem768.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) + (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1120) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti new file mode 100644 index 000000000..644446ed8 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem768.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index dd9dd13cf..a8cefb121 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -7,13 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key - ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) (sz 1152) (sz 1184) public_key.Libcrux_ml_kem.Types.f_value @@ -26,15 +33,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) - (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 3) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) (sz 1152) (sz 2400) (sz 1184) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 06774d878..6260bb2fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_C1_BLOCK_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_768_: usize = sz 3 +let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = - ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = - (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_768_: usize = - ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_768_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_768_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_ +let v_RANK_768_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4 +let v_SECRET_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_768_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ +let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 768 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem768PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 768 Key pair unfold let t_MlKem768KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) @@ -107,6 +82,12 @@ let t_MlKem768KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. +/// This function uses CPU feature detection to pick the most efficient version +/// on each platform. To use a specific version with your own feature detection +/// use one of the following +/// - [`generate_key_pair_avx2`] +/// - [`generate_key_pair_neon`] +/// - [`generate_key_pair_portable`] /// This function returns an [`MlKem768KeyPair`]. val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 228560bc0..b68155e06 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -3,30 +3,39 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let ntt_layer_int_vec_step - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a b: v_Vector) (zeta_r: i16) = - let t:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer b zeta_r in - let b:v_Vector = Libcrux_traits.f_sub a t in - let a:v_Vector = Libcrux_traits.f_add a t in + let t:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector b zeta_r in + let b:v_Vector = Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector a t in + let a:v_Vector = Libcrux_ml_kem.Vector.Traits.f_add #v_Vector a t in a, b <: (v_Vector & v_Vector) let ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -46,10 +55,8 @@ let ntt_at_layer_1_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_1_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] @@ -75,18 +82,19 @@ let ntt_at_layer_1_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -106,10 +114,8 @@ let ntt_at_layer_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_2_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] @@ -127,18 +133,19 @@ let ntt_at_layer_2_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -158,10 +165,8 @@ let ntt_at_layer_3_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_3_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) <: v_Vector) @@ -174,8 +179,10 @@ let ntt_at_layer_3_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_4_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) @@ -195,10 +202,9 @@ let ntt_at_layer_4_plus let step:usize = sz 1 <>! layer <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 128 >>! layer <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -211,10 +217,12 @@ let ntt_at_layer_4_plus let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let offset_vec:usize = offset /! sz 16 in + let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = offset_vec; Core.Ops.Range.f_end = offset_vec +! step_vec <: usize } @@ -227,9 +235,8 @@ let ntt_at_layer_4_plus let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let x, y:(v_Vector & v_Vector) = - ntt_layer_int_vec_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] - <: - v_Vector) + ntt_layer_int_vec_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) @@ -268,16 +275,17 @@ let ntt_at_layer_4_plus zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_7_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re, hax_temp_output:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = step - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } <: Core.Ops.Range.t_Range usize) <: @@ -287,12 +295,8 @@ let ntt_at_layer_7_ let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let t:v_Vector = - Libcrux_traits.f_multiply_by_constant (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! - step - <: - usize ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step <: usize ] <: v_Vector) (-1600s) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -303,8 +307,8 @@ let ntt_at_layer_7_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients (j +! step <: usize) - (Libcrux_traits.f_sub (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector - ) + (Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) t <: v_Vector) @@ -320,8 +324,8 @@ let ntt_at_layer_7_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients j - (Libcrux_traits.f_add (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector - ) + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) t <: v_Vector) @@ -334,51 +338,55 @@ let ntt_at_layer_7_ re let ntt_binomially_sampled_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = ntt_at_layer_7_ re in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + ntt_at_layer_7_ #v_Vector re + in let zeta_i:usize = sz 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ zeta_i re (sz 3) (sz 3) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ zeta_i re (sz 2) (sz 3) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ zeta_i re (sz 1) (sz 3) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -386,56 +394,58 @@ let ntt_binomially_sampled_ring_element let ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let zeta_i:usize = sz 0 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 7) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ zeta_i re (sz 3) (sz 3328) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ zeta_i re (sz 2) (sz 3328) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ zeta_i re (sz 1) (sz 3328) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 8d23fbd07..2e535adc9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -3,16 +3,22 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val ntt_layer_int_vec_step - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -21,8 +27,8 @@ val ntt_at_layer_1_ (fun _ -> Prims.l_True) val ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -31,8 +37,8 @@ val ntt_at_layer_2_ (fun _ -> Prims.l_True) val ntt_at_layer_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -41,8 +47,8 @@ val ntt_at_layer_3_ (fun _ -> Prims.l_True) val ntt_at_layer_4_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) @@ -51,16 +57,16 @@ val ntt_at_layer_4_plus (fun _ -> Prims.l_True) val ntt_at_layer_7_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val ntt_binomially_sampled_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -68,8 +74,8 @@ val ntt_binomially_sampled_ring_element val ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 3644f27f6..472c8b1ba 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -3,25 +3,39 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let impl__ZERO - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (_: Prims.unit) = - { f_coefficients = Rust_primitives.Hax.repeat (Libcrux_traits.f_ZERO () <: v_Vector) (sz 16) } + { + f_coefficients + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Vector.Traits.f_ZERO #v_Vector () <: v_Vector) + (sz 16) + } <: t_PolynomialRingElement v_Vector let impl__add_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -31,7 +45,8 @@ let impl__add_error_reduce let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (self.f_coefficients.[ j ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (self.f_coefficients.[ j ] <: v_Vector) 1441s in let self:t_PolynomialRingElement v_Vector = @@ -41,7 +56,9 @@ let impl__add_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + coefficient_normal_form (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) @@ -56,15 +73,16 @@ let impl__add_error_reduce self let impl__add_message_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -74,11 +92,18 @@ let impl__add_message_error_reduce let result:t_PolynomialRingElement v_Vector = result in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (result.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (result.f_coefficients.[ i ] <: v_Vector) 1441s in + let tmp:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) + (message.f_coefficients.[ i ] <: v_Vector) + in + let tmp:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_add #v_Vector coefficient_normal_form tmp + in let result:t_PolynomialRingElement v_Vector = { result with @@ -86,15 +111,7 @@ let impl__add_message_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients i - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form - (Libcrux_traits.f_add (self.f_coefficients.[ i ] <: v_Vector) - (message.f_coefficients.[ i ] <: v_Vector) - <: - v_Vector) - <: - v_Vector) - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector tmp <: v_Vector) } <: t_PolynomialRingElement v_Vector @@ -104,15 +121,16 @@ let impl__add_message_error_reduce result let impl__add_standard_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -122,7 +140,8 @@ let impl__add_standard_error_reduce let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_to_standard_domain (self.f_coefficients.[ j ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.to_standard_domain #v_Vector + (self.f_coefficients.[ j ] <: v_Vector) in let self:t_PolynomialRingElement v_Vector = { @@ -131,7 +150,9 @@ let impl__add_standard_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + coefficient_normal_form (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) @@ -146,17 +167,22 @@ let impl__add_standard_error_reduce self let impl__add_to_ring_element - (#v_Vector: Type) + (#v_Vector: Type0) (v_K: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = - Core.Slice.impl__len (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) + Core.Slice.impl__len #v_Vector + (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) <: usize } @@ -174,7 +200,8 @@ let impl__add_to_ring_element = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients i - (Libcrux_traits.f_add (self.f_coefficients.[ i ] <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -187,16 +214,17 @@ let impl__add_to_ring_element self let impl__from_i16_array - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: t_Slice i16) = - let result:t_PolynomialRingElement v_Vector = impl__ZERO () in + let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -211,13 +239,10 @@ let impl__from_i16_array = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients i - (Libcrux_traits.f_from_i16_array (a.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize + (Libcrux_ml_kem.Vector.Traits.f_from_i16_array #v_Vector + (a.[ { + Core.Ops.Range.f_start = i *! sz 16 <: usize; + Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 16 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -234,16 +259,17 @@ let impl__from_i16_array result let impl__ntt_multiply - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = - let out:t_PolynomialRingElement v_Vector = impl__ZERO () in + let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -258,7 +284,8 @@ let impl__ntt_multiply = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients i - (Libcrux_traits.f_ntt_multiply (self.f_coefficients.[ i ] <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 @@ -287,15 +314,16 @@ let impl__ntt_multiply out let impl__poly_barrett_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -310,7 +338,10 @@ let impl__poly_barrett_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients i - (Libcrux_traits.f_barrett_reduce (self.f_coefficients.[ i ] <: v_Vector) <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) + <: + v_Vector) <: t_Array v_Vector (sz 16) } @@ -320,15 +351,16 @@ let impl__poly_barrett_reduce self let impl__subtract_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -338,7 +370,8 @@ let impl__subtract_reduce let b:t_PolynomialRingElement v_Vector = b in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (b.f_coefficients.[ i ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (b.f_coefficients.[ i ] <: v_Vector) 1441s in let b:t_PolynomialRingElement v_Vector = @@ -348,9 +381,9 @@ let impl__subtract_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize b.f_coefficients i - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_sub (self.f_coefficients.[ i ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) coefficient_normal_form <: v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 3e4da8720..80bc1336c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -3,66 +3,56 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = - let list = - [ - (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; - 962s; (-1202s); (-1474s); 1468s; 573s; (-1325s); 264s; 383s; (-829s); 1458s; (-1602s); (-130s); - (-681s); 1017s; 732s; 608s; (-1542s); 411s; (-205s); (-1571s); 1223s; 652s; (-552s); 1015s; - (-1293s); 1491s; (-282s); (-1544s); 516s; (-8s); (-320s); (-666s); (-1618s); (-1162s); 126s; - 1469s; (-853s); (-90s); (-271s); 830s; 107s; (-1421s); (-247s); (-951s); (-398s); 961s; - (-1508s); (-725s); 448s; (-1065s); 677s; (-1275s); (-1103s); 430s; 555s; 843s; (-1251s); 871s; - 1550s; 105s; 422s; 587s; 177s; (-235s); (-291s); (-460s); 1574s; 1653s; (-246s); 778s; 1159s; - (-147s); (-777s); 1483s; (-602s); 1119s; (-1590s); 644s; (-872s); 349s; 418s; 329s; (-156s); - (-75s); 817s; 1097s; 603s; 610s; 1322s; (-1285s); (-1465s); 384s; (-1215s); (-136s); 1218s; - (-1335s); (-874s); 220s; (-1187s); (-1659s); (-1185s); (-1530s); (-1278s); 794s; (-1510s); - (-854s); (-870s); 478s; (-108s); (-308s); 996s; 991s; 958s; (-1460s); 1522s; 1628s - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); - Rust_primitives.Hax.array_of_list 128 list +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () -let v_VECTORS_IN_RING_ELEMENT: usize = - Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! - Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR +let v_VECTORS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body -type t_PolynomialRingElement (v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} = { - f_coefficients:t_Array v_Vector (sz 16) -} +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = Rust_primitives.Hax.dropped_body -val impl__ZERO: #v_Vector: Type -> {| i1: Libcrux_traits.t_Operations v_Vector |} -> Prims.unit +type t_PolynomialRingElement + (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { f_coefficients:t_Array v_Vector (sz 16) } + +val impl__ZERO: + #v_Vector: Type0 -> + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> + Prims.unit -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_message_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self message result: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_standard_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise /// sum of their constituent coefficients. val impl__add_to_ring_element - (#v_Vector: Type) + (#v_Vector: Type0) (v_K: usize) - {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__from_i16_array - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -87,19 +77,19 @@ val impl__from_i16_array /// The NIST FIPS 203 standard can be found at /// . val impl__ntt_multiply - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__poly_barrett_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__subtract_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 7c18a83f4..5005f1d87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -3,19 +3,27 @@ module Libcrux_ml_kem.Sampling open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + let sample_from_uniform_distribution_next - (#v_Vector: Type) + (#v_Vector: Type0) (v_K v_N: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -26,10 +34,9 @@ let sample_from_uniform_distribution_next temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_N /! sz 24 <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -48,7 +55,8 @@ let sample_from_uniform_distribution_next bool then let tmp0, out1:(t_Slice i16 & usize) = - Libcrux_traits.f_rej_sample ((randomness.[ i ] <: t_Array u8 v_N).[ { + Libcrux_ml_kem.Vector.Traits.f_rej_sample #v_Vector + ((randomness.[ i ] <: t_Array u8 v_N).[ { Core.Ops.Range.f_start = r *! sz 24 <: usize; Core.Ops.Range.f_end = (r *! sz 24 <: usize) +! sz 24 <: usize } @@ -103,10 +111,9 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -135,14 +142,20 @@ let sample_from_uniform_distribution_next (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) let sample_from_binomial_distribution_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -164,7 +177,9 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy + (Core.Ops.Range.t_Range u32)) + (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) ({ Core.Ops.Range.f_start = 0ul; Core.Ops.Range.f_end = Core.Num.impl__u32__BITS @@ -196,18 +211,24 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 - ) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (Rust_primitives.unsize sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -227,7 +248,9 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy + (Core.Ops.Range.t_Range i32)) + (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } <: Core.Ops.Range.t_Range i32) @@ -256,18 +279,20 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 - ) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (Rust_primitives.unsize sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = match cast (v_ETA <: usize) <: u32 with - | 2ul -> sample_from_binomial_distribution_2_ randomness - | 3ul -> sample_from_binomial_distribution_3_ randomness + | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness + | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -276,8 +301,10 @@ let sample_from_binomial_distribution let sample_from_xof (v_K: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -289,14 +316,16 @@ let sample_from_xof let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K in - let xof_state:v_Hasher = Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb v_K seeds in + let xof_state:v_Hasher = + Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb #v_Hasher v_K seeds + in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks v_K xof_state + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks #v_Hasher v_K xof_state in let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next v_K (sz 504) randomness sampled_coefficients out + sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in @@ -321,12 +350,17 @@ let sample_from_xof temp_0_ in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block v_K xof_state + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block #v_Hasher v_K xof_state in let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next v_K (sz 168) randomness sampled_coefficients out + sample_from_uniform_distribution_next #v_Vector + v_K + (sz 168) + randomness + sampled_coefficients + out in let sampled_coefficients:t_Array usize v_K = tmp0 in let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in @@ -335,14 +369,14 @@ let sample_from_xof <: (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) in - Core.Array.impl_23__map v_K + Core.Array.impl_23__map #(t_Array i16 (sz 272)) + v_K + #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) out (fun s -> let s:t_Array i16 (sz 272) = s in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (s.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 256 - } + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } <: Core.Ops.Range.t_Range usize ] <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index 52b52d986..2f9d5a51d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Sampling open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// If `bytes` contains a set of uniformly random bytes, this function /// uniformly samples a ring element `â` that is treated as being the NTT representation /// of the corresponding polynomial `a`. @@ -37,9 +44,9 @@ open FStar.Mul /// The NIST FIPS 203 standard can be found at /// . val sample_from_uniform_distribution_next - (#v_Vector: Type) + (#v_Vector: Type0) (v_K v_N: usize) - {| i1: Libcrux_traits.t_Operations v_Vector |} + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) (out: t_Array (t_Array i16 (sz 272)) v_K) @@ -47,6 +54,15 @@ val sample_from_uniform_distribution_next Prims.l_True (fun _ -> Prims.l_True) +val sample_from_binomial_distribution + (v_ETA: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (randomness: t_Slice u8) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Given a series of uniformly random bytes in `randomness`, for some number `eta`, /// the `sample_from_binomial_distribution_{eta}` functions sample /// a ring element from a binomial distribution centered at 0 that uses two sets @@ -86,34 +102,25 @@ val sample_from_uniform_distribution_next /// The NIST FIPS 203 standard can be found at /// . val sample_from_binomial_distribution_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 2 *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize)) - (fun _ -> Prims.l_True) - -val sample_from_binomial_distribution - (v_ETA: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (randomness: t_Slice u8) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 3 *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_xof (v_K: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seeds: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 916404d64..7f311ebd3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -3,15 +3,25 @@ module Libcrux_ml_kem.Serialize open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let compress_then_serialize_10_ (v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -24,15 +34,16 @@ let compress_then_serialize_10_ let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 10l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 10l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 20) = Libcrux_traits.f_serialize_10_ coefficient in + let bytes:t_Array u8 (sz 20) = + Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector coefficient + in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -41,7 +52,8 @@ let compress_then_serialize_10_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 20 *! i <: usize; Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize } @@ -59,13 +71,17 @@ let compress_then_serialize_10_ let compress_then_serialize_11_ (v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -78,15 +94,16 @@ let compress_then_serialize_11_ let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 11l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 11l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 22) = Libcrux_traits.f_serialize_11_ coefficient in + let bytes:t_Array u8 (sz 22) = + Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector coefficient + in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -95,7 +112,8 @@ let compress_then_serialize_11_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 22 *! i <: usize; Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize } @@ -112,13 +130,17 @@ let compress_then_serialize_11_ serialized let compress_then_serialize_4_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = let serialized, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -131,15 +153,16 @@ let compress_then_serialize_4_ let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 4l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 4l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 8) = Libcrux_traits.f_serialize_4_ coefficient in + let bytes:t_Array u8 (sz 8) = + Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector coefficient + in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -148,7 +171,8 @@ let compress_then_serialize_4_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 8 *! i <: usize; Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize } @@ -165,13 +189,17 @@ let compress_then_serialize_4_ serialized let compress_then_serialize_5_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = let serialized, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -184,15 +212,16 @@ let compress_then_serialize_5_ let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficients:v_Vector = - Libcrux_traits.f_compress 5l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 5l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 10) = Libcrux_traits.f_serialize_5_ coefficients in + let bytes:t_Array u8 (sz 10) = + Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector coefficients + in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -201,7 +230,8 @@ let compress_then_serialize_5_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 10 *! i <: usize; Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize } @@ -218,16 +248,17 @@ let compress_then_serialize_5_ serialized let compress_then_serialize_message - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -237,13 +268,15 @@ let compress_then_serialize_message let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_to_unsigned_representative (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) + in + let coefficient_compressed:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_compress_1_ #v_Vector coefficient + in + let bytes:t_Array u8 (sz 2) = + Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector coefficient_compressed in - let coefficient_compressed:v_Vector = Libcrux_traits.f_compress_1_ coefficient in - let bytes:t_Array u8 (sz 2) = Libcrux_traits.f_serialize_1_ coefficient_compressed in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -252,7 +285,8 @@ let compress_then_serialize_message } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 2 *! i <: usize; Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize } @@ -270,13 +304,15 @@ let compress_then_serialize_message let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> compress_then_serialize_10_ v_OUT_LEN re - | 11ul -> compress_then_serialize_11_ v_OUT_LEN re + | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re + | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -285,15 +321,17 @@ let compress_then_serialize_ring_element_u let compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) = let out, hax_temp_output:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> compress_then_serialize_4_ re out, () <: (t_Slice u8 & Prims.unit) - | 5ul -> compress_then_serialize_5_ re out, () <: (t_Slice u8 & Prims.unit) + | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) | _ -> out, Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -306,16 +344,22 @@ let compress_then_serialize_ring_element_v out let deserialize_then_decompress_10_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 20) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -324,7 +368,9 @@ let deserialize_then_decompress_10_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_10_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -333,7 +379,11 @@ let deserialize_then_decompress_10_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 10l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 10l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -343,16 +393,22 @@ let deserialize_then_decompress_10_ re let deserialize_then_decompress_11_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 22) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -361,7 +417,9 @@ let deserialize_then_decompress_11_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_11_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -370,7 +428,11 @@ let deserialize_then_decompress_11_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 11l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 11l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -380,16 +442,22 @@ let deserialize_then_decompress_11_ re let deserialize_then_decompress_4_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 8) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -398,7 +466,9 @@ let deserialize_then_decompress_4_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_4_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -407,7 +477,11 @@ let deserialize_then_decompress_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 4l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 4l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -417,16 +491,22 @@ let deserialize_then_decompress_4_ re let deserialize_then_decompress_5_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 10) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -443,7 +523,7 @@ let deserialize_then_decompress_5_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_deserialize_5_ bytes <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_deserialize_5_ #v_Vector bytes <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -456,7 +536,8 @@ let deserialize_then_decompress_5_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 5l + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 5l (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -469,18 +550,19 @@ let deserialize_then_decompress_5_ re let deserialize_then_decompress_message - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Array u8 (sz 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -490,7 +572,8 @@ let deserialize_then_decompress_message let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i:usize = i in let coefficient_compressed:v_Vector = - Libcrux_traits.f_deserialize_1_ (serialized.[ { + Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector + (serialized.[ { Core.Ops.Range.f_start = sz 2 *! i <: usize; Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize } @@ -507,7 +590,9 @@ let deserialize_then_decompress_message Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_1_ coefficient_compressed <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.decompress_1_ #v_Vector coefficient_compressed + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -518,13 +603,15 @@ let deserialize_then_decompress_message let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> deserialize_then_decompress_10_ serialized - | 11ul -> deserialize_then_decompress_11_ serialized + | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized + | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -533,13 +620,15 @@ let deserialize_then_decompress_ring_element_u let deserialize_then_decompress_ring_element_v (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> deserialize_then_decompress_4_ serialized - | 5ul -> deserialize_then_decompress_5_ serialized + | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized + | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -547,16 +636,22 @@ let deserialize_then_decompress_ring_element_v Rust_primitives.Hax.t_Never) let deserialize_to_reduced_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -565,7 +660,9 @@ let deserialize_to_reduced_ring_element (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_12_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -574,7 +671,9 @@ let deserialize_to_reduced_ring_element Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_cond_subtract_3329_ coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_cond_subtract_3329_ #v_Vector coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -585,21 +684,27 @@ let deserialize_to_reduced_ring_element let deserialize_ring_elements_reduced (v_PUBLIC_KEY_SIZE v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Slice u8) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact public_key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + public_key Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) @@ -616,7 +721,7 @@ let deserialize_ring_elements_reduced let i, ring_element:(usize & t_Slice u8) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk i - (deserialize_to_reduced_ring_element ring_element + (deserialize_to_reduced_ring_element #v_Vector ring_element <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -625,16 +730,22 @@ let deserialize_ring_elements_reduced deserialized_pk let deserialize_to_uncompressed_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -650,7 +761,7 @@ let deserialize_to_uncompressed_ring_element Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_deserialize_12_ bytes <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector bytes <: v_Vector) <: t_Array v_Vector (sz 16) } @@ -660,13 +771,17 @@ let deserialize_to_uncompressed_ring_element re let serialize_uncompressed_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -679,12 +794,12 @@ let serialize_uncompressed_ring_element let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_to_unsigned_representative (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) + in + let bytes:t_Array u8 (sz 24) = + Libcrux_ml_kem.Vector.Traits.f_serialize_12_ #v_Vector coefficient in - let bytes:t_Array u8 (sz 24) = Libcrux_traits.f_serialize_12_ coefficient in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -693,7 +808,8 @@ let serialize_uncompressed_ring_element } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 24 *! i <: usize; Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index aa98844c8..b7aa994d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -3,90 +3,108 @@ module Libcrux_ml_kem.Serialize open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val compress_then_serialize_10_ (v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_4_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_5_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_message - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +/// This function deserializes ring elements and reduces the result by the field +/// modulus. +/// This function MUST NOT be used on secret inputs. +val deserialize_ring_elements_reduced + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: t_Slice u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + val deserialize_then_decompress_10_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_4_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_message - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -94,8 +112,8 @@ val deserialize_then_decompress_message val deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -103,8 +121,8 @@ val deserialize_then_decompress_ring_element_u val deserialize_then_decompress_ring_element_v (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -113,35 +131,23 @@ val deserialize_then_decompress_ring_element_v /// Only use with public values. /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. val deserialize_to_reduced_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -/// This function deserializes ring elements and reduces the result by the field -/// modulus. -/// This function MUST NOT be used on secret inputs. -val deserialize_ring_elements_reduced - (v_PUBLIC_KEY_SIZE v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (public_key: t_Slice u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - val deserialize_to_uncompressed_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val serialize_uncompressed_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti new file mode 100644 index 000000000..2ff16f73c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti @@ -0,0 +1,679 @@ +module Libcrux_ml_kem.Types.Index_impls +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_4 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_5 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_6 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_7 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_8 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_9 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_10 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_11 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_12 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_13 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_14 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_15 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_16 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_17 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_18 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_19 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_20 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_21 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_22 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_23 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 2520d935c..8ef0918fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -5,19 +5,10 @@ open FStar.Mul let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) @@ -29,7 +20,14 @@ let impl__new (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) = - { f_sk = Core.Convert.f_into sk; f_pk = Core.Convert.f_into pk } + { + f_sk + = + Core.Convert.f_into #(t_Array u8 v_PRIVATE_KEY_SIZE) #(t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) sk; + f_pk + = + Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) #(t_MlKemPublicKey v_PUBLIC_KEY_SIZE) pk + } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index e53c97941..9cdbe7435 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -30,7 +30,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemCiphertext v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemCiphertext v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -45,10 +45,6 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -76,7 +72,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemPrivateKey v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemPrivateKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -91,10 +87,6 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -122,7 +114,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemPublicKey v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemPublicKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -137,10 +129,6 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { @@ -156,7 +144,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE) <: @@ -182,7 +170,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE) <: @@ -208,7 +196,7 @@ let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) ( f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst new file mode 100644 index 000000000..dcd78722e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Utils +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN <: bool) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out:t_Array u8 v_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + slice + <: + t_Slice u8) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti new file mode 100644 index 000000000..4a1043b8e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -0,0 +1,8 @@ +module Libcrux_ml_kem.Utils +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Pad the `slice` with `0`s at the end. +val into_padded_array (v_LEN: usize) (slice: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst new file mode 100644 index 000000000..98b81af64 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -0,0 +1,150 @@ +module Libcrux_ml_kem.Vector.Avx2.Arithmetic +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let add (lhs rhs: Core.Core_arch.X86.t____m256i) = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let bitwise_and_with_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + Libcrux_intrinsics.Avx2.mm256_and_si256 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant <: Core.Core_arch.X86.t____m256i) + +let multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant <: Core.Core_arch.X86.t____m256i) + +let shift_right (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) = + Libcrux_intrinsics.Avx2.mm256_srai_epi16 v_SHIFT_BY vector + +let sub (lhs rhs: Core.Core_arch.X86.t____m256i) = Libcrux_intrinsics.Avx2.mm256_sub_epi16 lhs rhs + +let barrett_reduce (vector: Core.Core_arch.X86.t____m256i) = + let t:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 v_BARRETT_MULTIPLIER + <: + Core.Core_arch.X86.t____m256i) + in + let t:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_add_epi16 t + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 512s <: Core.Core_arch.X86.t____m256i) + in + let quotient:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_srai_epi16 10l t in + let quotient_times_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 quotient + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 vector quotient_times_field_modulus + +let cond_subtract_3329_ (vector: Core.Core_arch.X86.t____m256i) = + let field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let vv_minus_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_sub_epi16 vector field_modulus + in + let sign_mask:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_srai_epi16 15l vv_minus_field_modulus + in + let conditional_add_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_and_si256 sign_mask field_modulus + in + Libcrux_intrinsics.Avx2.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus + +let montgomery_multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + let constant:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant in + let value_low:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 vector constant + in + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 vector constant + in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_multiply_by_constants (v c: Core.Core_arch.X86.t____m256i) = + let value_low:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mullo_epi16 v c in + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 v c in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_multiply_m128i_by_constants (v c: Core.Core_arch.X86.t____m128i) = + let value_low:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm_mullo_epi16 v c in + let k:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m128i) + in + let k_times_modulus:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m128i) + in + let value_high:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm_mulhi_epi16 v c in + Libcrux_intrinsics.Avx2.mm_sub_epi16 value_high k_times_modulus + +let montgomery_reduce_i32s (v: Core.Core_arch.X86.t____m256i) = + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 v + (Libcrux_intrinsics.Avx2.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i32) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + i16) + <: + i32) + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_srli_epi32 16l v in + let result:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + in + let result:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_slli_epi32 16l result in + Libcrux_intrinsics.Avx2.mm256_srai_epi32 16l result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti new file mode 100644 index 000000000..b808a037f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -0,0 +1,41 @@ +module Libcrux_ml_kem.Vector.Avx2.Arithmetic +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_BARRETT_MULTIPLIER: i16 = Rust_primitives.Hax.dropped_body + +val add (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +/// See Section 3.2 of the implementation notes document for an explanation +/// of this code. +val barrett_reduce (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val bitwise_and_with_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val cond_subtract_3329_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constants (v c: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_m128i_by_constants (v c: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_reduce_i32s (v: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val shift_right (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val sub (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst new file mode 100644 index 000000000..4f3a8bf4c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -0,0 +1,178 @@ +module Libcrux_ml_kem.Vector.Avx2.Compress +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let mulhi_mm256_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) = + let prod02:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mul_epu32 lhs rhs in + let prod13:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mul_epu32 (Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l lhs + <: + Core.Core_arch.X86.t____m256i) + (Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l rhs <: Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_unpackhi_epi64 (Libcrux_intrinsics.Avx2.mm256_unpacklo_epi32 prod02 + prod13 + <: + Core.Core_arch.X86.t____m256i) + (Libcrux_intrinsics.Avx2.mm256_unpackhi_epi32 prod02 prod13 <: Core.Core_arch.X86.t____m256i) + +let compress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Core.Core_arch.X86.t____m256i) + = + let field_modulus_halved:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 (((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + i16) + <: + i32) -! + 1l + <: + i32) /! + 2l + <: + i32) + in + let compression_factor:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 10321340l + in + let coefficient_bits_mask:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 ((1l < Prims.l_True) + +val compress_message_coefficient (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mulhi_mm256_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst new file mode 100644 index 000000000..e91e3563f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -0,0 +1,211 @@ +module Libcrux_ml_kem.Vector.Avx2.Ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let inv_ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l vector in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 160l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s + (-1s) (-1s) 1s 1s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs in + let sum_times_zetas:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_intrinsics.Avx2.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 0s 0s zeta1 zeta1 0s 0s + zeta0 zeta0 0s 0s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce sum + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 204l sum sum_times_zetas + +let inv_ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) = + let lhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 245l vector + in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 160l vector + in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s (-1s) (-1s) (-1s) + (-1s) 1s 1s 1s 1s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs in + let sum_times_zetas:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_intrinsics.Avx2.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s 0s 0s zeta0 zeta0 zeta0 + zeta0 0s 0s 0s 0s + <: + Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 240l sum sum_times_zetas + +let inv_ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) = + let lhs:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l vector + in + let rhs:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm256_castsi256_si128 vector in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_add_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_sub_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients + (Libcrux_intrinsics.Avx2.mm_set1_epi16 zeta <: Core.Core_arch.X86.t____m128i) + in + let combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_castsi128_si256 lower_coefficients + in + Libcrux_intrinsics.Avx2.mm256_inserti128_si256 1l combined upper_coefficients + +let ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let zetas:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 <: i16) + (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) + (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 + in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 160l vector in + Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) = + let zetas:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 + zeta0 + in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 238l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 68l vector in + Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) = + let rhs:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l vector + in + let rhs:Core.Core_arch.X86.t____m128i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs + (Libcrux_intrinsics.Avx2.mm_set1_epi16 zeta <: Core.Core_arch.X86.t____m128i) + in + let lhs:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm256_castsi256_si128 vector in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_add_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_sub_epi16 lhs rhs + in + let combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_castsi128_si256 lower_coefficients + in + Libcrux_intrinsics.Avx2.mm256_inserti128_si256 1l combined upper_coefficients + +let ntt_multiply (lhs rhs: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let shuffle_with:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y 15y + 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y + in + let lhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 lhs shuffle_with + in + let lhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 216l lhs_shuffled + in + let lhs_evens:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 lhs_shuffled + in + let lhs_evens:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 lhs_evens + in + let lhs_odds:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l lhs_shuffled + in + let lhs_odds:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 lhs_odds + in + let rhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 rhs shuffle_with + in + let rhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 216l rhs_shuffled + in + let rhs_evens:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 rhs_shuffled + in + let rhs_evens:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 rhs_evens + in + let rhs_odds:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l rhs_shuffled + in + let rhs_odds:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 rhs_odds + in + let left:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 lhs_evens rhs_evens + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 lhs_odds rhs_odds + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s right + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 right + (Libcrux_intrinsics.Avx2.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast (zeta3 <: i16) <: i32) + <: + i32) + (cast (zeta3 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) + (cast (zeta2 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) + (cast (zeta1 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) + (cast (zeta0 <: i16) <: i32) + <: + Core.Core_arch.X86.t____m256i) + in + let products_left:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_add_epi32 left right + in + let products_left:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_left + in + let rhs_adjacent_swapped:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + <: + Core.Core_arch.X86.t____m256i) + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_madd_epi16 lhs rhs_adjacent_swapped + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_right + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_slli_epi32 16l products_right + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 170l products_left products_right diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti new file mode 100644 index 000000000..75b8e11b7 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -0,0 +1,27 @@ +module Libcrux_ml_kem.Vector.Avx2.Ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val inv_ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val inv_ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val inv_ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_multiply (lhs rhs: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +let ntt_multiply__PERMUTE_WITH: i32 = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst new file mode 100644 index 000000000..0c920b70f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst @@ -0,0 +1,423 @@ +module Libcrux_ml_kem.Vector.Avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector + +let serialize_11_ (v: t_PortableVector) = + let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast (v.f_elements.[ sz 0 ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (((cast ((v.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((v.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (((cast ((v.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (((cast ((v.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (((cast ((v.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (cast (v.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (((cast ((v.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast (((v.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (((cast ((v.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 20) + (((cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l <: i16) <: u8) + in + result + +let to_i16_array (v: t_PortableVector) = v.f_elements + +let zero (_: Prims.unit) = + { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector + +let deserialize_11_ (bytes: t_Slice u8) = + let result:t_PortableVector = zero () in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 2) + (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 3) + ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 5) + (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 6) + ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 7) + (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 8) + ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 10) + (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 11) + ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 12) + ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 13) + (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 14) + ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + t_PortableVector + in + let result:t_PortableVector = + { + result with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_elements + (sz 15) + (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + t_PortableVector + in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti new file mode 100644 index 000000000..ec0c98177 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti @@ -0,0 +1,23 @@ +module Libcrux_ml_kem.Vector.Avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_FieldElement = i16 + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val from_i16_array (array: t_Array i16 (sz 16)) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (v: t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val to_i16_array (v: t_PortableVector) + : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + +val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst new file mode 100644 index 000000000..c8b83fae6 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -0,0 +1,78 @@ +module Libcrux_ml_kem.Vector.Avx2.Sampling +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = + let field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let potential_coefficients:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input + in + let compare_with_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cmpgt_epi16 field_modulus potential_coefficients + in + let good:t_Array u8 (sz 2) = + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ compare_with_field_modulus + in + let lower_shuffles:t_Array u8 (sz 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] + <: + u8) + <: + usize ] + in + let lower_shuffles:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles <: t_Slice u8) + in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 potential_coefficients + in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_shuffle_epi8 lower_coefficients lower_shuffles + in + let output:t_Slice i16 = Libcrux_intrinsics.Avx2.mm_storeu_si128 output lower_coefficients in + let sampled_count:usize = + cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize + in + let upper_shuffles:t_Array u8 (sz 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] + <: + u8) + <: + usize ] + in + let upper_shuffles:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles <: t_Slice u8) + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l potential_coefficients + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_shuffle_epi8 upper_coefficients upper_shuffles + in + let output:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range output + ({ + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Libcrux_intrinsics.Avx2.mm_storeu_si128 (output.[ { + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + upper_coefficients + <: + t_Slice i16) + in + let hax_temp_output:usize = + sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) + in + output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti new file mode 100644 index 000000000..361ba6196 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -0,0 +1,7 @@ +module Libcrux_ml_kem.Vector.Avx2.Sampling +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val rejection_sample (input: t_Slice u8) (output: t_Slice i16) + : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst new file mode 100644 index 000000000..068b98360 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -0,0 +1,537 @@ +module Libcrux_ml_kem.Vector.Avx2.Serialize +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let deserialize_1_ (bytes: t_Slice u8) = + let coefficients:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) + in + let shift_lsb_to_msb:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) + in + serialized + +let serialize_10_ (vector: Core.Core_arch.X86.t____m256i) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let adjacent_2_combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_madd_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (1s < Prims.l_True) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst new file mode 100644 index 000000000..37cc8b8fd --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -0,0 +1,17 @@ +module Libcrux_ml_kem.Vector.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let from_i16_array (array: t_Slice i16) = + { f_elements = Libcrux_intrinsics.Avx2.mm256_loadu_si256_i16 array } <: t_SIMD256Vector + +let to_i16_array (v: t_SIMD256Vector) = + let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in + let output:t_Array i16 (sz 16) = + Libcrux_intrinsics.Avx2.mm256_storeu_si256_i16 output v.f_elements + in + output + +let zero (_: Prims.unit) = + { f_elements = Libcrux_intrinsics.Avx2.mm256_setzero_si256 () } <: t_SIMD256Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti new file mode 100644 index 000000000..7d65a411a --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -0,0 +1,394 @@ +module Libcrux_ml_kem.Vector.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_SIMD256Vector = { f_elements:Core.Core_arch.X86.t____m256i } + +val from_i16_array (array: t_Slice i16) + : Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) + +val to_i16_array (v: t_SIMD256Vector) + : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + +val zero: Prims.unit -> Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + f_ZERO_pre = (fun (_: Prims.unit) -> true); + f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); + f_ZERO = (fun (_: Prims.unit) -> zero ()); + f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); + f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); + f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); + f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_add_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_add + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements } + <: + t_SIMD256Vector); + f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_sub + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } + <: + t_SIMD256Vector); + f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); + f_multiply_by_constant_post = (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> true); + f_multiply_by_constant + = + (fun (v: t_SIMD256Vector) (c: i16) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant v.f_elements c } + <: + t_SIMD256Vector); + f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); + f_bitwise_and_with_constant_post + = + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); + f_bitwise_and_with_constant + = + (fun (vector: t_SIMD256Vector) (constant: i16) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant + } + <: + t_SIMD256Vector); + f_shift_right_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); + f_shift_right_post + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_shift_right + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements + } + <: + t_SIMD256Vector); + f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); + f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_cond_subtract_3329_ + = + (fun (vector: t_SIMD256Vector) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } + <: + t_SIMD256Vector); + f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); + f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_barrett_reduce + = + (fun (vector: t_SIMD256Vector) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce vector.f_elements } + <: + t_SIMD256Vector); + f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); + f_montgomery_multiply_by_constant_post + = + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); + f_montgomery_multiply_by_constant + = + (fun (vector: t_SIMD256Vector) (constant: i16) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements + constant + } + <: + t_SIMD256Vector); + f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); + f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress_1_ + = + (fun (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements + } + <: + t_SIMD256Vector); + f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + f_compress_post + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS + vector.f_elements + } + <: + t_SIMD256Vector); + f_decompress_ciphertext_coefficient_pre + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + f_decompress_ciphertext_coefficient_post + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_decompress_ciphertext_coefficient + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS + vector.f_elements + } + <: + t_SIMD256Vector); + f_ntt_layer_1_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + f_ntt_layer_1_step_post + = + (fun + (vector: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_ntt_layer_1_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 + } + <: + t_SIMD256Vector); + f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_ntt_layer_2_step_post + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + f_ntt_layer_2_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + { + f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 + } + <: + t_SIMD256Vector); + f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_ntt_layer_3_step_post + = + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + f_ntt_layer_3_step + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } + <: + t_SIMD256Vector); + f_inv_ntt_layer_1_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + f_inv_ntt_layer_1_step_post + = + (fun + (vector: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_inv_ntt_layer_1_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements + zeta0 + zeta1 + zeta2 + zeta3 + } + <: + t_SIMD256Vector); + f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_inv_ntt_layer_2_step_post + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + f_inv_ntt_layer_2_step + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 + } + <: + t_SIMD256Vector); + f_inv_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_inv_ntt_layer_3_step_post + = + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + f_inv_ntt_layer_3_step + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } + <: + t_SIMD256Vector); + f_ntt_multiply_pre + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_multiply_post + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: t_SIMD256Vector) + -> + true); + f_ntt_multiply + = + (fun + (lhs: t_SIMD256Vector) + (rhs: t_SIMD256Vector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + { + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements + rhs.f_elements + zeta0 + zeta1 + zeta2 + zeta3 + } + <: + t_SIMD256Vector); + f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); + f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_1_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } + <: + t_SIMD256Vector); + f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); + f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_4_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } + <: + t_SIMD256Vector); + f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); + f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_5_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } + <: + t_SIMD256Vector); + f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); + f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_10_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } + <: + t_SIMD256Vector); + f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); + f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_11_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } + <: + t_SIMD256Vector); + f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_ + = + (fun (vector: t_SIMD256Vector) -> + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); + f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_12_ + = + (fun (bytes: t_Slice u8) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } + <: + t_SIMD256Vector); + f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); + f_rej_sample_post + = + (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); + f_rej_sample + = + fun (input: t_Slice u8) (output: t_Slice i16) -> + let tmp0, out:(t_Slice i16 & usize) = + Libcrux_ml_kem.Vector.Avx2.Sampling.rejection_sample input output + in + let output:t_Slice i16 = tmp0 in + let hax_temp_output:usize = out in + output, hax_temp_output <: (t_Slice i16 & usize) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti new file mode 100644 index 000000000..931341051 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -0,0 +1,6 @@ +module Libcrux_ml_kem.Vector.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti new file mode 100644 index 000000000..fbf536a4b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti @@ -0,0 +1,7 @@ +module Libcrux_ml_kem.Vector.Rej_sample_table +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = + Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst new file mode 100644 index 000000000..97eee7c1d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -0,0 +1,32 @@ +module Libcrux_ml_kem.Vector.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decompress_1_ + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + = f_bitwise_and_with_constant #v_T (f_sub #v_T (f_ZERO #v_T () <: v_T) v <: v_T) 1665s + +let montgomery_multiply_fe + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + (fer: i16) + = f_montgomery_multiply_by_constant #v_T v fer + +let to_standard_domain + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + = f_montgomery_multiply_by_constant #v_T v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS + +let to_unsigned_representative + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (a: v_T) + = + let t:v_T = f_shift_right #v_T 15l a in + let fm:v_T = f_bitwise_and_with_constant #v_T t v_FIELD_MODULUS in + f_add #v_T a fm diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti new file mode 100644 index 000000000..5c09d7209 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -0,0 +1,202 @@ +module Libcrux_ml_kem.Vector.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +class t_Operations (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + f_ZERO_pre:Prims.unit -> bool; + f_ZERO_post:Prims.unit -> v_Self -> bool; + f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); + f_from_i16_array_pre:t_Slice i16 -> bool; + f_from_i16_array_post:t_Slice i16 -> v_Self -> bool; + f_from_i16_array:x0: t_Slice i16 + -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); + f_add_pre:v_Self -> v_Self -> bool; + f_add_post:v_Self -> v_Self -> v_Self -> bool; + f_add:x0: v_Self -> x1: v_Self + -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); + f_sub_pre:v_Self -> v_Self -> bool; + f_sub_post:v_Self -> v_Self -> v_Self -> bool; + f_sub:x0: v_Self -> x1: v_Self + -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); + f_multiply_by_constant_pre:v_Self -> i16 -> bool; + f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_multiply_by_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_multiply_by_constant_pre x0 x1) + (fun result -> f_multiply_by_constant_post x0 x1 result); + f_bitwise_and_with_constant_pre:v_Self -> i16 -> bool; + f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> bool; + f_bitwise_and_with_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_bitwise_and_with_constant_pre x0 x1) + (fun result -> f_bitwise_and_with_constant_post x0 x1 result); + f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> bool; + f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> bool; + f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_shift_right_pre v_SHIFT_BY x0) + (fun result -> f_shift_right_post v_SHIFT_BY x0 result); + f_cond_subtract_3329_pre:v_Self -> bool; + f_cond_subtract_3329_post:v_Self -> v_Self -> bool; + f_cond_subtract_3329_:x0: v_Self + -> Prims.Pure v_Self + (f_cond_subtract_3329_pre x0) + (fun result -> f_cond_subtract_3329_post x0 result); + f_barrett_reduce_pre:v_Self -> bool; + f_barrett_reduce_post:v_Self -> v_Self -> bool; + f_barrett_reduce:x0: v_Self + -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); + f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> bool; + f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_montgomery_multiply_by_constant_pre x0 x1) + (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); + f_compress_1_pre:v_Self -> bool; + f_compress_1_post:v_Self -> v_Self -> bool; + f_compress_1_:x0: v_Self + -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; + f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_compress_pre v_COEFFICIENT_BITS x0) + (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; + f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) + (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); + f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 + -> Prims.Pure v_Self + (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) + (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); + f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; + f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 + -> Prims.Pure v_Self + (f_ntt_layer_2_step_pre x0 x1 x2) + (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); + f_ntt_layer_3_step_pre:v_Self -> i16 -> bool; + f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_ntt_layer_3_step:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_ntt_layer_3_step_pre x0 x1) + (fun result -> f_ntt_layer_3_step_post x0 x1 result); + f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) + (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); + f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; + f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_2_step_pre x0 x1 x2) + (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); + f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> bool; + f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_3_step_pre x0 x1) + (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); + f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 + -> Prims.Pure v_Self + (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) + (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); + f_serialize_1_pre:v_Self -> bool; + f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> bool; + f_serialize_1_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 2)) + (f_serialize_1_pre x0) + (fun result -> f_serialize_1_post x0 result); + f_deserialize_1_pre:t_Slice u8 -> bool; + f_deserialize_1_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_1_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); + f_serialize_4_pre:v_Self -> bool; + f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> bool; + f_serialize_4_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 8)) + (f_serialize_4_pre x0) + (fun result -> f_serialize_4_post x0 result); + f_deserialize_4_pre:t_Slice u8 -> bool; + f_deserialize_4_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_4_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); + f_serialize_5_pre:v_Self -> bool; + f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> bool; + f_serialize_5_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 10)) + (f_serialize_5_pre x0) + (fun result -> f_serialize_5_post x0 result); + f_deserialize_5_pre:t_Slice u8 -> bool; + f_deserialize_5_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_5_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); + f_serialize_10_pre:v_Self -> bool; + f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> bool; + f_serialize_10_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 20)) + (f_serialize_10_pre x0) + (fun result -> f_serialize_10_post x0 result); + f_deserialize_10_pre:t_Slice u8 -> bool; + f_deserialize_10_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_10_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); + f_serialize_11_pre:v_Self -> bool; + f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> bool; + f_serialize_11_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 22)) + (f_serialize_11_pre x0) + (fun result -> f_serialize_11_post x0 result); + f_deserialize_11_pre:t_Slice u8 -> bool; + f_deserialize_11_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_11_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); + f_serialize_12_pre:v_Self -> bool; + f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> bool; + f_serialize_12_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 24)) + (f_serialize_12_pre x0) + (fun result -> f_serialize_12_post x0 result); + f_deserialize_12_pre:t_Slice u8 -> bool; + f_deserialize_12_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_12_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); + f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> bool; + f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> bool; + f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 + -> Prims.Pure (t_Slice i16 & usize) + (f_rej_sample_pre x0 x1) + (fun result -> f_rej_sample_post x0 x1 result) +} + +let v_FIELD_ELEMENTS_IN_VECTOR: usize = Rust_primitives.Hax.dropped_body + +let v_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body + +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body + +val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst new file mode 100644 index 000000000..c80c01c5c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst @@ -0,0 +1,4871 @@ +module Libcrux_ml_kem.Vector +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + () + +let barrett_reduce_element (value: i16) = + let t:i32 = + ((Core.Convert.f_from #i32 #i16 value <: i32) *! v_BARRETT_MULTIPLIER <: i32) +! + (v_BARRETT_R >>! 1l <: i32) + in + let quotient:i16 = cast (t >>! v_BARRETT_SHIFT <: i32) <: i16 in + value -! (quotient *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) + +let compress_message_coefficient (fe: u16) = + let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in + let mask:i16 = shifted >>! 15l in + let shifted_to_positive:i16 = mask ^. shifted in + let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in + cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 + +let get_n_least_significant_bits (n: u8) (value: u32) = value &. ((1ul <>! 35l in + cast (get_n_least_significant_bits coefficient_bits (cast (compressed <: u64) <: u32) <: u32) + <: + i16 + +let montgomery_reduce_element (value: i32) = + let _:i32 = v_MONTGOMERY_R in + let k:i32 = + (cast (cast (value <: i32) <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: i32) + in + let k_times_modulus:i32 = + (cast (cast (k <: i32) <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + in + let c:i16 = cast (k_times_modulus >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in + let value_high:i16 = cast (value >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in + value_high -! c + +let montgomery_multiply_fe_by_fer (fe fer: i16) = + montgomery_reduce_element ((cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) <: i32) + +let ntt_multiply_binomials (a0, a1: (i16 & i16)) (b0, b1: (i16 & i16)) (zeta: i16) = + montgomery_reduce_element (((cast (a0 <: i16) <: i32) *! (cast (b0 <: i16) <: i32) <: i32) +! + ((cast (montgomery_reduce_element ((cast (a1 <: i16) <: i32) *! (cast (b1 <: i16) <: i32) + <: + i32) + <: + i16) + <: + i32) *! + (cast (zeta <: i16) <: i32) + <: + i32) + <: + i32), + montgomery_reduce_element (((cast (a0 <: i16) <: i32) *! (cast (b1 <: i16) <: i32) <: i32) +! + ((cast (a1 <: i16) <: i32) *! (cast (b0 <: i16) <: i32) <: i32) + <: + i32) + <: + (i16 & i16) + +let rej_sample (a: t_Slice u8) (result: t_Slice i16) = + let sampled:usize = sz 0 in + let result, sampled:(t_Slice i16 & usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks + u8) + (Core.Slice.impl__chunks #u8 a (sz 3) <: Core.Slice.Iter.t_Chunks u8) + <: + Core.Slice.Iter.t_Chunks u8) + (result, sampled <: (t_Slice i16 & usize)) + (fun temp_0_ bytes -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let bytes:t_Slice u8 = bytes in + let b1:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in + let b2:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in + let b3:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in + let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let result, sampled:(t_Slice i16 & usize) = + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + then + let result:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 + in + result, sampled +! sz 1 <: (t_Slice i16 & usize) + else result, sampled <: (t_Slice i16 & usize) + in + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + then + let result:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 + in + result, sampled +! sz 1 <: (t_Slice i16 & usize) + else result, sampled <: (t_Slice i16 & usize)) + in + let hax_temp_output:usize = sampled in + result, hax_temp_output <: (t_Slice i16 & usize) + +let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + lhs + (fun lhs i -> + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = lhs in + let i:usize = i in + { + lhs with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) +! + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + lhs + +let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (barrett_reduce_element (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) &. c <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let compress (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (compress_message_coefficient (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ + i ] + <: + i16) + <: + u16) + <: + u8) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.(((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >=. 0s <: bool) && + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <. 4096s <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: v.elements[i] >= 0 && v.elements[i] < 4096" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + if (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >=. 3329s + then + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) -! 3329s <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + else v) + in + v + +let decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + let decompressed:i32 = + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + in + let decompressed:i32 = + (decompressed <>! (v_COEFFICIENT_BITS +! 1l <: i32) in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (decompressed <: i32) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v) + in + v + +let from_i16_array (array: t_Slice i16) = + { + Libcrux_ml_kem.Vector.Portable.f_elements + = + Core.Result.impl__unwrap #(t_Array i16 (sz 16)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice i16) + #(t_Array i16 (sz 16)) + (array.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + <: + Core.Result.t_Result (t_Array i16 (sz 16)) Core.Array.t_TryFromSliceError) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + +let inv_ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let inv_ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let inv_ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] + <: + i16) + c + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) *! c <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 + <: + usize ] + <: + i16) + zeta2 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 + <: + usize ] + <: + i16) + zeta2 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 + <: + usize ] + <: + i16) + zeta3 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 + <: + usize ] + <: + i16) + zeta3 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in + let result:t_Array u8 (sz 2) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:t_Array u8 (sz 2) = result in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + ((result.[ sz 0 ] <: u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u8) < + let result:t_Array u8 (sz 2) = result in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + ((result.[ sz 1 ] <: u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u8) <>! 8l <: i16) &. 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! + 8l + <: + i16) &. + 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! + 6l + <: + i16) &. + 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! + 4l + <: + i16) &. + 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! + 8l + <: + i16) &. + 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! + 6l + <: + i16) &. + 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! + 4l + <: + i16) &. + 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + result + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s + <: + i16) + <: + u8) <>! 8l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! 5l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. + 127s + <: + i16) + <: + u8) <>! + 10l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! 7l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s + <: + i16) + <: + u8) <>! 4l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! 9l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 20) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s + <: + i16) + <: + u8) <>! 6l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l + <: + i16) + <: + u8) + in + result + +let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 22) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + result + +let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 8) = Rust_primitives.Hax.repeat 0uy (sz 8) in + let result:t_Array u8 (sz 8) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 3s <: i16) <>! 4l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) <>! 2l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 7s + <: + i16) <>! 3l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s + <: + i16) <>! 1l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (cast (((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 3s + <: + i16) <>! 4l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) <>! 2l + <: + i16) + <: + i16) + <: + u8) + in + result + +let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >>! v_SHIFT_BY <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + lhs + (fun lhs i -> + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = lhs in + let i:usize = i in + { + lhs with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) -! + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + lhs + +let zero (_: Prims.unit) = + { Libcrux_ml_kem.Vector.Portable.f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + +let deserialize_1_ (v: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = result in + let i:usize = i in + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = result in + let i:usize = i in + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + result + +let deserialize_10_ (bytes: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((((cast (bytes.[ sz 10 +! sz 1 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + ((((cast (bytes.[ sz 10 +! sz 3 <: usize ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (((cast (bytes.[ sz 10 +! sz 4 <: usize ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((((cast (bytes.[ sz 10 +! sz 6 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((((cast (bytes.[ sz 10 +! sz 8 <: usize ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (((cast (bytes.[ sz 10 +! sz 9 <: usize ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + result + +let deserialize_11_ (bytes: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + result + +let deserialize_12_ (bytes: t_Slice u8) = + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in + let byte3:i16 = cast (bytes.[ sz 3 ] <: u8) <: i16 in + let byte4:i16 = cast (bytes.[ sz 4 ] <: u8) <: i16 in + let byte5:i16 = cast (bytes.[ sz 5 ] <: u8) <: i16 in + let byte6:i16 = cast (bytes.[ sz 6 ] <: u8) <: i16 in + let byte7:i16 = cast (bytes.[ sz 7 ] <: u8) <: i16 in + let byte8:i16 = cast (bytes.[ sz 8 ] <: u8) <: i16 in + let byte9:i16 = cast (bytes.[ sz 9 ] <: u8) <: i16 in + let byte10:i16 = cast (bytes.[ sz 10 ] <: u8) <: i16 in + let byte11:i16 = cast (bytes.[ sz 11 ] <: u8) <: i16 in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (((byte4 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (((byte7 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (((byte10 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let byte12:i16 = cast (bytes.[ sz 12 ] <: u8) <: i16 in + let byte13:i16 = cast (bytes.[ sz 13 ] <: u8) <: i16 in + let byte14:i16 = cast (bytes.[ sz 14 ] <: u8) <: i16 in + let byte15:i16 = cast (bytes.[ sz 15 ] <: u8) <: i16 in + let byte16:i16 = cast (bytes.[ sz 16 ] <: u8) <: i16 in + let byte17:i16 = cast (bytes.[ sz 17 ] <: u8) <: i16 in + let byte18:i16 = cast (bytes.[ sz 18 ] <: u8) <: i16 in + let byte19:i16 = cast (bytes.[ sz 19 ] <: u8) <: i16 in + let byte20:i16 = cast (bytes.[ sz 20 ] <: u8) <: i16 in + let byte21:i16 = cast (bytes.[ sz 21 ] <: u8) <: i16 in + let byte22:i16 = cast (bytes.[ sz 22 ] <: u8) <: i16 in + let byte23:i16 = cast (bytes.[ sz 23 ] <: u8) <: i16 in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (((byte13 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (((byte16 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (((byte19 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (((byte22 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + re + +let deserialize_4_ (bytes: t_Slice u8) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (cast ((bytes.[ sz 4 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (cast (((bytes.[ sz 4 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (cast ((bytes.[ sz 5 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (cast (((bytes.[ sz 5 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (cast ((bytes.[ sz 6 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (cast (((bytes.[ sz 6 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (cast ((bytes.[ sz 7 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (cast (((bytes.[ sz 7 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let deserialize_5_ (bytes: t_Slice u8) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (cast ((bytes.[ sz 5 +! sz 0 <: usize ] <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (cast ((((bytes.[ sz 5 +! sz 1 <: usize ] <: u8) &. 3uy <: u8) <>! 5l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (cast (((bytes.[ sz 5 +! sz 1 <: usize ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (cast ((((bytes.[ sz 5 +! sz 2 <: usize ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (cast ((((bytes.[ sz 5 +! sz 3 <: usize ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (cast (((bytes.[ sz 5 +! sz 3 <: usize ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (cast ((((bytes.[ sz 5 +! sz 4 <: usize ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (cast ((bytes.[ sz 5 +! sz 4 <: usize ] <: u8) >>! 3l <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_multiply + (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + <: + (i16 & i16)) + zeta0 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + (i16 & i16)) + zeta1 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + <: + (i16 & i16)) + zeta2 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta2 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + (i16 & i16)) + zeta3 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta3 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti new file mode 100644 index 000000000..d5b86c87e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -0,0 +1,729 @@ +module Libcrux_ml_kem.Vector +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + () + +/// Values having this type hold a representative 'x' of the Kyber field. +/// We use 'fe' as a shorthand for this type. +unfold +let t_FieldElement = i16 + +/// If 'x' denotes a value of type `fe`, values having this type hold a +/// representative y ≡ x·MONTGOMERY_R (mod FIELD_MODULUS). +/// We use 'fer' as a shorthand for this type. +unfold +let t_FieldElementTimesMontgomeryR = i16 + +/// If 'x' denotes a value of type `fe`, values having this type hold a +/// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS). +/// We use 'mfe' as a shorthand for this type +unfold +let t_MontgomeryFieldElement = i16 + +/// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ +let v_BARRETT_MULTIPLIER: i32 = Rust_primitives.Hax.dropped_body + +let v_BARRETT_R: i32 = Rust_primitives.Hax.dropped_body + +let v_BARRETT_SHIFT: i32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_R: i32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_SHIFT: u8 = Rust_primitives.Hax.dropped_body + +/// Signed Barrett Reduction +/// Given an input `value`, `barrett_reduce` outputs a representative `result` +/// such that: +/// - result ≡ value (mod FIELD_MODULUS) +/// - the absolute value of `result` is bound as follows: +/// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) +/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +val barrett_reduce_element (value: i16) + : Prims.Pure i16 + (requires + (Core.Convert.f_from #i32 #i16 value <: i32) >. (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i32) && + (Core.Convert.f_from #i32 #i16 value <: i32) <. v_BARRETT_R) + (ensures + fun result -> + let result:i16 = result in + result >. (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) && + result <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + +val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) + : Prims.Pure i16 + (requires + Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"55\"; line = \"182\" };\n lo = { Types.col = \"4\"; line = \"177\" } };\n ty = Types.Never }" + ) + (ensures + fun result -> + let result:i16 = result in + result >=. 0s && + result <. (Core.Num.impl__i16__pow 2s (cast (coefficient_bits <: u8) <: u32) <: i16)) + +/// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS +/// 203 standard (Page 18, Expression 4.5), which is defined as: +/// ```plaintext +/// Compress_d: ℤq -> ℤ_{2ᵈ} +/// Compress_d(x) = ⌈(2ᵈ/q)·x⌋ +/// ``` +/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have: +/// ```plaintext +/// Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ +/// = ⌊(2^{d+1}·x + q) / 2q⌋ +/// ``` +/// For further information about the function implementations, consult the +/// `implementation_notes.pdf` document in this directory. +/// The NIST FIPS 203 standard can be found at +/// . +val compress_message_coefficient (fe: u16) + : Prims.Pure u8 + (requires + Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"80\"; line = \"146\" };\n lo = { Types.col = \"16\"; line = \"146\" } };\n ty = Types.Never }" + ) + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool) && + Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool)) + +val get_n_least_significant_bits (n: u8) (value: u32) + : Prims.Pure u32 + (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) + (ensures + fun result -> + let result:u32 = result in + result <. (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into #u8 #u32 n <: u32) <: u32)) + +/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to +/// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to +/// `x · y`, as follows: +/// `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` +/// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative +/// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. +val montgomery_multiply_fe_by_fer (fe fer: i16) + : Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) + +/// Signed Montgomery Reduction +/// Given an input `value`, `montgomery_reduce` outputs a representative `o` +/// such that: +/// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) +/// - the absolute value of `o` is bound as follows: +/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) +/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. +val montgomery_reduce_element (value: i32) + : Prims.Pure i16 + (requires + Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"114\"; line = \"80\" };\n lo = { Types.col = \"16\"; line = \"80\" } };\n ty = Types.Never }" + ) + (ensures + fun result -> + let result:i16 = result in + result >=. + ((Core.Ops.Arith.Neg.neg (3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) + <: + i16) /! + 2s + <: + i16) && + result <=. ((3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) /! 2s <: i16)) + +/// Compute the product of two Kyber binomials with respect to the +/// modulus `X² - zeta`. +/// This function almost implements Algorithm 11 of the +/// NIST FIPS 203 standard, which is reproduced below: +/// ```plaintext +/// Input: a₀, a₁, b₀, b₁ ∈ ℤq. +/// Input: γ ∈ ℤq. +/// Output: c₀, c₁ ∈ ℤq. +/// c₀ ← a₀·b₀ + a₁·b₁·γ +/// c₁ ← a₀·b₁ + a₁·b₀ +/// return c₀, c₁ +/// ``` +/// We say "almost" because the coefficients output by this function are in +/// the Montgomery domain (unlike in the specification). +/// The NIST FIPS 203 standard can be found at +/// . +val ntt_multiply_binomials: (i16 & i16) -> (i16 & i16) -> zeta: i16 + -> Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + +val rej_sample (a: t_Slice u8) (result: t_Slice i16) + : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + +val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val compress (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val compress_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_1_ (v: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val from_i16_array (array: t_Slice i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_multiply + (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +val shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val zero: Prims.unit + -> Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: Libcrux_ml_kem.Vector.Traits.t_Operations Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + f_ZERO_pre = (fun (_: Prims.unit) -> true); + f_ZERO_post + = + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_ZERO = (fun (_: Prims.unit) -> zero ()); + f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); + f_from_i16_array_post + = + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); + f_add_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_add_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_add + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + add lhs rhs); + f_sub_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_sub_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_sub + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + sub lhs rhs); + f_multiply_by_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> true); + f_multiply_by_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (c: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_multiply_by_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> multiply_by_constant v c); + f_bitwise_and_with_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> true); + f_bitwise_and_with_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (c: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_bitwise_and_with_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> + bitwise_and_with_constant v c); + f_shift_right_pre + = + (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_shift_right_post + = + (fun + (v_SHIFT_BY: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_shift_right + = + (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + shift_right v_SHIFT_BY v); + f_cond_subtract_3329_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_cond_subtract_3329_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_cond_subtract_3329_ + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> cond_subtract_3329_ v); + f_barrett_reduce_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_barrett_reduce_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_barrett_reduce + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> barrett_reduce v); + f_montgomery_multiply_by_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (r: i16) -> true); + f_montgomery_multiply_by_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (r: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_montgomery_multiply_by_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (r: i16) -> + montgomery_multiply_by_constant v r); + f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_compress_1_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_compress_1_ = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> compress_1_ v); + f_compress_pre + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_compress_post + = + (fun + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_compress + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + compress v_COEFFICIENT_BITS v); + f_decompress_ciphertext_coefficient_pre + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_decompress_ciphertext_coefficient_post + = + (fun + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_decompress_ciphertext_coefficient + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + decompress_ciphertext_coefficient v_COEFFICIENT_BITS v); + f_ntt_layer_1_step_pre + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_layer_1_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_1_step + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3); + f_ntt_layer_2_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> true); + f_ntt_layer_2_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_2_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> + ntt_layer_2_step a zeta0 zeta1); + f_ntt_layer_3_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> true); + f_ntt_layer_3_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_3_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> ntt_layer_3_step a zeta + ); + f_inv_ntt_layer_1_step_pre + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_inv_ntt_layer_1_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_1_step + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + inv_ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3); + f_inv_ntt_layer_2_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> true); + f_inv_ntt_layer_2_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_2_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> + inv_ntt_layer_2_step a zeta0 zeta1); + f_inv_ntt_layer_3_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> true); + f_inv_ntt_layer_3_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_3_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> + inv_ntt_layer_3_step a zeta); + f_ntt_multiply_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_multiply_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_multiply + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); + f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_1_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_1_ a); + f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); + f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_4_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_4_ a); + f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); + f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_5_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_5_ a); + f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); + f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_10_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_10_ a); + f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); + f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_11_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_11_ a); + f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); + f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_12_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_12_ a); + f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a); + f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); + f_rej_sample_post + = + (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true); + f_rej_sample + = + fun (a: t_Slice u8) (out: t_Slice i16) -> + let tmp0, out1:(t_Slice i16 & usize) = rej_sample a out in + let out:t_Slice i16 = tmp0 in + let hax_temp_output:usize = out1 in + out, hax_temp_output <: (t_Slice i16 & usize) + } diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti new file mode 100644 index 000000000..061612251 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti @@ -0,0 +1,46 @@ +module Libcrux_sha3.Avx2.X4.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_KeccakState4 = { + f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i +} + +/// Initialise the state and perform up to 4 absorbs at the same time, +/// using two [`KeccakState4`]. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_absorb_finalxN (v_N: usize) (input: t_Array (t_Array u8 (sz 34)) v_N) + : Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState4`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeeze3xN (v_LEN v_N: usize) (state: t_KeccakState4) + : Prims.Pure (t_KeccakState4 & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState4`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeezexN (v_LEN v_N: usize) (state: t_KeccakState4) + : Prims.Pure (t_KeccakState4 & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_absorb_final (s: t_KeccakState4) (data0 data1 data2 data3: t_Slice u8) + : Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the [`KeccakState4`]. +val shake128_init: Prims.unit -> Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_first_three_blocks (s: t_KeccakState4) (out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_KeccakState4 & t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_squeeze_next_block (s: t_KeccakState4) (out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_KeccakState4 & t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti new file mode 100644 index 000000000..91f8501c5 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti @@ -0,0 +1,15 @@ +module Libcrux_sha3.Avx2.X4 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Run up to 4 SHAKE256 operations in parallel. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake256xN (v_LEN v_N: usize) (input: t_Array (t_Array u8 (sz 33)) v_N) + : Prims.Pure (t_Array (t_Array u8 v_LEN) v_N) Prims.l_True (fun _ -> Prims.l_True) + +/// Perform 4 SHAKE256 operations in parallel +val shake256 (input0 input1 input2 input3 out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst new file mode 100644 index 000000000..cea4f9ac0 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst @@ -0,0 +1,255 @@ +module Libcrux_sha3.Generic_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits in + () + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn keccak( + data: [&[int]; N], + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "keccak"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_and_last( + s: &libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_and_last"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_block( + s: &libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_block"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_five_blocks( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_five_blocks"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_three_blocks( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_three_blocks"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_last( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_last"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_next_block( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_next_block"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti new file mode 100644 index 000000000..a7245528f --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti @@ -0,0 +1,13 @@ +module Libcrux_sha3.Generic_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits in + () + +val t_KeccakState (v_N: usize) (#v_T: Type0) {| i1: Libcrux_sha3.Traits.t_KeccakStateItem v_T v_N |} + : Type0 diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti new file mode 100644 index 000000000..30113dfaf --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti @@ -0,0 +1,40 @@ +module Libcrux_sha3.Neon.X2.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_KeccakState2 = { f_state:t_Array Libcrux_sha3.Portable.t_KeccakState1 (sz 2) } + +/// Initialise the state and perform up to 4 absorbs at the same time, +/// using two [`KeccakState2`]. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_absorb_finalxN (v_N: usize) (input: t_Array (t_Array u8 (sz 34)) v_N) + : Prims.Pure (t_Array t_KeccakState2 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState2`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeeze3xN (v_LEN v_N: usize) (state: t_Array t_KeccakState2 (sz 2)) + : Prims.Pure (t_Array t_KeccakState2 (sz 2) & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState2`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeezexN (v_LEN v_N: usize) (state: t_Array t_KeccakState2 (sz 2)) + : Prims.Pure (t_Array t_KeccakState2 (sz 2) & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_absorb_final (s: t_KeccakState2) (data0 data1: t_Slice u8) + : Prims.Pure t_KeccakState2 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the `KeccakState2`. +val shake128_init: Prims.unit -> Prims.Pure t_KeccakState2 Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_first_three_blocks (s: t_KeccakState2) (out0 out1: t_Slice u8) + : Prims.Pure (t_KeccakState2 & t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_next_block (s: t_KeccakState2) (out0 out1: t_Slice u8) + : Prims.Pure (t_KeccakState2 & t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti new file mode 100644 index 000000000..521b0ebf2 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti @@ -0,0 +1,14 @@ +module Libcrux_sha3.Neon.X2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Run up to 4 SHAKE256 operations in parallel. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake256xN (v_LEN v_N: usize) (input: t_Array (t_Array u8 (sz 33)) v_N) + : Prims.Pure (t_Array (t_Array u8 v_LEN) v_N) Prims.l_True (fun _ -> Prims.l_True) + +/// Run SHAKE256 on both inputs in parallel. +/// Writes the two results into `out0` and `out1` +val shake256 (input0 input1 out0 out1: t_Slice u8) + : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti new file mode 100644 index 000000000..28b47c4f9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti @@ -0,0 +1,24 @@ +module Libcrux_sha3.Neon +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// A portable SHA3 224 implementation. +val sha224 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 256 implementation. +val sha256 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 384 implementation. +val sha384 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 512 implementation. +val sha512 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE128 implementation. +val shake128 (v_LEN: usize) (digest: t_Array u8 v_LEN) (data: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE256 implementation. +val shake256 (v_LEN: usize) (digest: t_Array u8 v_LEN) (data: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti new file mode 100644 index 000000000..1bf58e63e --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti @@ -0,0 +1,30 @@ +module Libcrux_sha3.Portable.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Absorb +val shake128_absorb_final (s: Libcrux_sha3.Portable.t_KeccakState1) (data0: t_Slice u8) + : Prims.Pure Libcrux_sha3.Portable.t_KeccakState1 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the SHAKE state. +val shake128_init: Prims.unit + -> Prims.Pure Libcrux_sha3.Portable.t_KeccakState1 Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze five blocks +val shake128_squeeze_first_five_blocks (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze three blocks +val shake128_squeeze_first_three_blocks (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze another block +val shake128_squeeze_next_block (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst new file mode 100644 index 000000000..47ead7e32 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst @@ -0,0 +1,34 @@ +module Libcrux_sha3.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn keccakx1( + data: [&[int]; 1], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "keccakx1"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti new file mode 100644 index 000000000..4e914abbc --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti @@ -0,0 +1,26 @@ +module Libcrux_sha3.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// A portable SHA3 224 implementation. +val sha224 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 256 implementation. +val sha256 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 384 implementation. +val sha384 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 512 implementation. +val sha512 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE128 implementation. +val shake128 (digest data: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE256 implementation. +val shake256 (digest data: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +type t_KeccakState1 = { f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 } diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst new file mode 100644 index 000000000..9e2f1444c --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst @@ -0,0 +1,187 @@ +module Libcrux_sha3.Portable_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_1_( + out: [&mut [int]; 1], + mid: int, +) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_1"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[int; 5]; 5], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem for int { + fn f_zero(_: tuple0) -> int { + { + 0 + } + } + fn f_xor5(a: int, b: int, c: int, d: int, e: int) -> int { + { + libcrux_sha3::portable_keccak::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor(a: int, b: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant(a: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__veorq_n_u64(a, c) + } + } + fn f_xor(a: int, b: int) -> int { + { + core::ops::bit::BitXor::bitxor(a, b) + } + } + fn f_load_block( + mut a: [[int; 5]; 5], + b: [&[int]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[int; 5]; 5], + b: [&mut [int]; 1], + ) -> tuple0 { + { + libcrux_sha3::portable_keccak::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[int; 5]; 5], + b: [[int; 200]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block_full::( + &mut (a), + b, + ) + } + }; + a + } + } + fn f_store_block_full( + a: &[[int; 5]; 5], + ) -> [[int; 200]; 1] { + { + libcrux_sha3::portable_keccak::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 1], start: int, len: int) -> [&[int]; 1] { + { + libcrux_sha3::portable_keccak::slice_1_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 1], + mid: int, + ) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + { + libcrux_sha3::portable_keccak::split_at_mut_1_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti new file mode 100644 index 000000000..8eeae34d6 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti @@ -0,0 +1,218 @@ +module Libcrux_sha3.Portable_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val v__vbcaxq_u64 (a b c: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__veor5q_u64 (a b c d e: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__veorq_n_u64 (a c: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__vrax1q_u64 (a b: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__vxarq_u64 (v_LEFT v_RIGHT: i32) (a b: u64) + : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val load_block + (v_RATE: usize) + (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + (blocks: t_Array (t_Slice u8) (sz 1)) + : Prims.Pure (t_Array (t_Array u64 (sz 5)) (sz 5)) Prims.l_True (fun _ -> Prims.l_True) + +val load_block_full + (v_RATE: usize) + (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + (blocks: t_Array (t_Array u8 (sz 200)) (sz 1)) + : Prims.Pure (t_Array (t_Array u64 (sz 5)) (sz 5)) Prims.l_True (fun _ -> Prims.l_True) + +val rotate_left (v_LEFT v_RIGHT: i32) (x: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val slice_1_ (a: t_Array (t_Slice u8) (sz 1)) (start len: usize) + : Prims.Pure (t_Array (t_Slice u8) (sz 1)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_1_( + out: [&mut [int]; 1], + mid: int, +) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_1"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[int; 5]; 5], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +val store_block_full (v_RATE: usize) (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + : Prims.Pure (t_Array (t_Array u8 (sz 200)) (sz 1)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem for int { + fn f_zero(_: tuple0) -> int { + { + 0 + } + } + fn f_xor5(a: int, b: int, c: int, d: int, e: int) -> int { + { + libcrux_sha3::portable_keccak::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor(a: int, b: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant(a: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__veorq_n_u64(a, c) + } + } + fn f_xor(a: int, b: int) -> int { + { + core::ops::bit::BitXor::bitxor(a, b) + } + } + fn f_load_block( + mut a: [[int; 5]; 5], + b: [&[int]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[int; 5]; 5], + b: [&mut [int]; 1], + ) -> tuple0 { + { + libcrux_sha3::portable_keccak::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[int; 5]; 5], + b: [[int; 200]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block_full::( + &mut (a), + b, + ) + } + }; + a + } + } + fn f_store_block_full( + a: &[[int; 5]; 5], + ) -> [[int; 200]; 1] { + { + libcrux_sha3::portable_keccak::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 1], start: int, len: int) -> [&[int]; 1] { + { + libcrux_sha3::portable_keccak::slice_1_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 1], + mid: int, + ) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + { + libcrux_sha3::portable_keccak::split_at_mut_1_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst new file mode 100644 index 000000000..d3a7b18d9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst @@ -0,0 +1,214 @@ +module Libcrux_sha3.Simd.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_4_( + out: [&mut [int]; 4], + mid: int, +) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_4"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[core::core_arch::x86::t____m256i; 5]; 5], + out: [&mut [int]; 4], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem + for core::core_arch::x86::t____m256i +{ + fn f_zero(_: tuple0) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_set1_epi64x(0) + } + } + fn f_xor5( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + d: core::core_arch::x86::t____m256i, + e: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant( + a: core::core_arch::x86::t____m256i, + c: int, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veorq_n_u64(a, c) + } + } + fn f_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_xor_si256(a, b) + } + } + fn f_load_block( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [&[int]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + b: [&mut [int]; 4], + ) -> tuple0 { + { + libcrux_sha3::simd::avx2::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [[int; 200]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block_full::(&mut (a), b) + } + }; + a + } + } + fn f_store_block_full( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + ) -> [[int; 200]; 4] { + { + libcrux_sha3::simd::avx2::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 4], start: int, len: int) -> [&[int]; 4] { + { + libcrux_sha3::simd::avx2::slice_4_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 4], + mid: int, + ) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + { + libcrux_sha3::simd::avx2::split_at_mut_4_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti new file mode 100644 index 000000000..e0f54aaa9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti @@ -0,0 +1,256 @@ +module Libcrux_sha3.Simd.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val v__vbcaxq_u64 (a b c: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__veor5q_u64 (a b c d e: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__veorq_n_u64 (a: Core.Core_arch.X86.t____m256i) (c: u64) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__vrax1q_u64 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__vxarq_u64 (v_LEFT v_RIGHT: i32) (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val load_block + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + (blocks: t_Array (t_Slice u8) (sz 4)) + : Prims.Pure (t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + Prims.l_True + (fun _ -> Prims.l_True) + +val load_block_full + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + (blocks: t_Array (t_Array u8 (sz 200)) (sz 4)) + : Prims.Pure (t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + Prims.l_True + (fun _ -> Prims.l_True) + +val rotate_left (v_LEFT v_RIGHT: i32) (x: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val slice_4_ (a: t_Array (t_Slice u8) (sz 4)) (start len: usize) + : Prims.Pure (t_Array (t_Slice u8) (sz 4)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_4_( + out: [&mut [int]; 4], + mid: int, +) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_4"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[core::core_arch::x86::t____m256i; 5]; 5], + out: [&mut [int]; 4], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +val store_block_full + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + : Prims.Pure (t_Array (t_Array u8 (sz 200)) (sz 4)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem + for core::core_arch::x86::t____m256i +{ + fn f_zero(_: tuple0) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_set1_epi64x(0) + } + } + fn f_xor5( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + d: core::core_arch::x86::t____m256i, + e: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant( + a: core::core_arch::x86::t____m256i, + c: int, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veorq_n_u64(a, c) + } + } + fn f_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_xor_si256(a, b) + } + } + fn f_load_block( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [&[int]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + b: [&mut [int]; 4], + ) -> tuple0 { + { + libcrux_sha3::simd::avx2::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [[int; 200]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block_full::(&mut (a), b) + } + }; + a + } + } + fn f_store_block_full( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + ) -> [[int; 200]; 4] { + { + libcrux_sha3::simd::avx2::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 4], start: int, len: int) -> [&[int]; 4] { + { + libcrux_sha3::simd::avx2::slice_4_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 4], + mid: int, + ) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + { + libcrux_sha3::simd::avx2::split_at_mut_4_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst new file mode 100644 index 000000000..af3a30a98 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst @@ -0,0 +1,61 @@ +module Libcrux_sha3.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +/** A trait for multiplexing implementations.*/ +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +trait t_KeccakItem +where + _: core::clone::t_Clone, + _: core::marker::t_Copy, +{ + fn f_zero(_: tuple0) -> Self; + fn f_xor5(_: Self, _: Self, _: Self, _: Self, _: Self) -> Self; + fn f_rotate_left1_and_xor(_: Self, _: Self) -> Self; + fn f_xor_and_rotate(_: Self, _: Self) -> Self; + fn f_and_not_xor(_: Self, _: Self, _: Self) -> Self; + fn f_xor_constant(_: Self, _: int) -> Self; + fn f_xor(_: Self, _: Self) -> Self; + fn f_load_block( + _: [[Self; 5]; 5], + _: [&[int]; N], + ) -> [[Self; 5]; 5]; + fn f_store_block( + _: &[[Self; 5]; 5], + _: [&mut [int]; N], + ) -> tuple0; + fn f_load_block_full( + _: [[Self; 5]; 5], + _: [[int; 200]; N], + ) -> [[Self; 5]; 5]; + fn f_store_block_full( + _: &[[Self; 5]; 5], + ) -> [[int; 200]; N]; + fn f_slice_n(_: [&[int]; N], _: int, _: int) -> [&[int]; N]; + fn f_split_at_mut_n( + _: [&mut [int]; N], + _: int, + ) -> tuple2<[&mut [int]; N], [&mut [int]; N]>; +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "traits"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "KeccakItem"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti new file mode 100644 index 000000000..60af4096d --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti @@ -0,0 +1,27 @@ +module Libcrux_sha3.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits.Internal in + () + +/// A Keccak Item +/// This holds the internal state and depends on the architecture. +class t_KeccakStateItem (v_Self: Type0) (v_N: usize) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_7919791445461910775:Libcrux_sha3.Traits.Internal.t_KeccakItem + v_Self v_N +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl + (v_N: usize) + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_sha3.Traits.Internal.t_KeccakItem v_T v_N) + : t_KeccakStateItem v_T v_N = + { _super_7919791445461910775 = FStar.Tactics.Typeclasses.solve; __marker_trait = () } diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti index fb67a8888..9f4daa21b 100644 --- a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti @@ -3,18 +3,18 @@ module Libcrux_sha3 open Core open FStar.Mul -let discriminant_Algorithm_Sha3_224_: u32 = 1ul +let discriminant_Algorithm_Sha224: u32 = 1ul -let discriminant_Algorithm_Sha3_256_: u32 = 2ul +let discriminant_Algorithm_Sha256: u32 = 2ul -let discriminant_Algorithm_Sha3_384_: u32 = 3ul +let discriminant_Algorithm_Sha384: u32 = 3ul /// The Digest Algorithm. type t_Algorithm = - | Algorithm_Sha3_224_ : t_Algorithm - | Algorithm_Sha3_256_ : t_Algorithm - | Algorithm_Sha3_384_ : t_Algorithm - | Algorithm_Sha3_512_ : t_Algorithm + | Algorithm_Sha224 : t_Algorithm + | Algorithm_Sha256 : t_Algorithm + | Algorithm_Sha384 : t_Algorithm + | Algorithm_Sha512 : t_Algorithm [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Core.Convert.t_From u32 t_Algorithm = @@ -25,25 +25,29 @@ let impl_1: Core.Convert.t_From u32 t_Algorithm = = fun (v: t_Algorithm) -> match v with - | Algorithm_Sha3_224_ -> 1ul - | Algorithm_Sha3_256_ -> 2ul - | Algorithm_Sha3_384_ -> 3ul - | Algorithm_Sha3_512_ -> 4ul + | Algorithm_Sha224 -> 1ul + | Algorithm_Sha256 -> 2ul + | Algorithm_Sha384 -> 3ul + | Algorithm_Sha512 -> 4ul } -let discriminant_Algorithm_Sha3_512_: u32 = 4ul +let discriminant_Algorithm_Sha512: u32 = 4ul val t_Algorithm_cast_to_repr (x: t_Algorithm) : Prims.Pure u32 Prims.l_True (fun _ -> Prims.l_True) +/// A SHA3 224 Digest unfold let t_Sha3_224Digest = t_Array u8 (sz 28) +/// A SHA3 256 Digest unfold let t_Sha3_256Digest = t_Array u8 (sz 32) +/// A SHA3 384 Digest unfold let t_Sha3_384Digest = t_Array u8 (sz 48) +/// A SHA3 512 Digest unfold let t_Sha3_512Digest = t_Array u8 (sz 64) @@ -55,32 +59,30 @@ val hash (v_LEN: usize) (algorithm: t_Algorithm) (payload: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 224 -val sha224 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 28)) Prims.l_True (fun _ -> Prims.l_True) +val sha224 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 28)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 224 +/// Preconditions: +/// - `digest.len() == 28` val sha224_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 256 -val sha256 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val sha256 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 256 val sha256_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 384 -val sha384 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 48)) Prims.l_True (fun _ -> Prims.l_True) +val sha384 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 48)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 384 val sha384_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 512 -val sha512 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +val sha512 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 512 val sha512_ema (digest payload: t_Slice u8) @@ -105,26 +107,12 @@ let impl: Core.Convert.t_From t_Algorithm u32 = = fun (v: u32) -> match v with - | 1ul -> Algorithm_Sha3_224_ <: t_Algorithm - | 2ul -> Algorithm_Sha3_256_ <: t_Algorithm - | 3ul -> Algorithm_Sha3_384_ <: t_Algorithm - | 4ul -> Algorithm_Sha3_512_ <: t_Algorithm + | 1ul -> Algorithm_Sha224 <: t_Algorithm + | 2ul -> Algorithm_Sha256 <: t_Algorithm + | 3ul -> Algorithm_Sha384 <: t_Algorithm + | 4ul -> Algorithm_Sha512 <: t_Algorithm | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = ["Unknown Digest mode "] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (let list = - [Core.Fmt.Rt.impl_1__new_display v <: Core.Fmt.Rt.t_Argument] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" <: Rust_primitives.Hax.t_Never) } diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 0737e2581..ef63a654a 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -7,11 +7,11 @@ use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] #[derive(Clone, Copy)] -pub(crate) struct KeccakState> { +pub(crate) struct KeccakState> { st: [[T; 5]; 5], } -impl> Index for KeccakState { +impl> Index for KeccakState { type Output = [T; 5]; fn index(&self, index: usize) -> &Self::Output { @@ -19,7 +19,7 @@ impl> Index for KeccakState { } } -impl> KeccakState { +impl> KeccakState { /// Create a new Shake128 x4 state. #[inline(always)] pub(crate) fn new() -> Self { @@ -36,7 +36,7 @@ const _ROTC: [usize; 24] = [ ]; #[inline(always)] -pub(crate) fn theta_rho>(s: &mut KeccakState) { +pub(crate) fn theta_rho>(s: &mut KeccakState) { let c: [T; 5] = [ T::xor5(s.st[0][0], s.st[1][0], s.st[2][0], s.st[3][0], s.st[4][0]), T::xor5(s.st[0][1], s.st[1][1], s.st[2][1], s.st[3][1], s.st[4][1]), @@ -88,7 +88,7 @@ const _PI: [usize; 24] = [ ]; #[inline(always)] -pub(crate) fn pi>(s: &mut KeccakState) { +pub(crate) fn pi>(s: &mut KeccakState) { let old = s.st.clone(); s.st[0][1] = old[1][1]; s.st[0][2] = old[2][2]; @@ -117,7 +117,7 @@ pub(crate) fn pi>(s: &mut KeccakState) { } #[inline(always)] -pub(crate) fn chi>(s: &mut KeccakState) { +pub(crate) fn chi>(s: &mut KeccakState) { let old = s.st; for i in 0..5 { for j in 0..5 { @@ -154,12 +154,12 @@ const ROUNDCONSTANTS: [u64; 24] = [ ]; #[inline(always)] -pub(crate) fn iota>(s: &mut KeccakState, i: usize) { +pub(crate) fn iota>(s: &mut KeccakState, i: usize) { s.st[0][0] = T::xor_constant(s.st[0][0], ROUNDCONSTANTS[i]); } #[inline(always)] -pub(crate) fn keccakf1600>(s: &mut KeccakState) { +pub(crate) fn keccakf1600>(s: &mut KeccakState) { for i in 0..24 { theta_rho(s); pi(s); @@ -169,7 +169,7 @@ pub(crate) fn keccakf1600>(s: &mut KeccakState< } #[inline(always)] -pub(crate) fn absorb_block, const RATE: usize>( +pub(crate) fn absorb_block, const RATE: usize>( s: &mut KeccakState, blocks: [&[u8]; N], ) { @@ -178,7 +178,12 @@ pub(crate) fn absorb_block, const RATE: usize>( } #[inline(always)] -pub(crate) fn absorb_final, const RATE: usize, const DELIM: u8>( +pub(crate) fn absorb_final< + const N: usize, + T: KeccakStateItem, + const RATE: usize, + const DELIM: u8, +>( s: &mut KeccakState, last: [&[u8]; N], ) { @@ -195,7 +200,7 @@ pub(crate) fn absorb_final, const RATE: usize, } #[inline(always)] -pub(crate) fn squeeze_first_block, const RATE: usize>( +pub(crate) fn squeeze_first_block, const RATE: usize>( s: &KeccakState, out: [&mut [u8]; N], ) { @@ -203,7 +208,7 @@ pub(crate) fn squeeze_first_block, const RATE: } #[inline(always)] -pub(crate) fn squeeze_next_block, const RATE: usize>( +pub(crate) fn squeeze_next_block, const RATE: usize>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -212,7 +217,11 @@ pub(crate) fn squeeze_next_block, const RATE: u } #[inline(always)] -pub(crate) fn squeeze_first_three_blocks, const RATE: usize>( +pub(crate) fn squeeze_first_three_blocks< + const N: usize, + T: KeccakStateItem, + const RATE: usize, +>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -224,7 +233,11 @@ pub(crate) fn squeeze_first_three_blocks, const } #[inline(always)] -pub(crate) fn squeeze_first_five_blocks, const RATE: usize>( +pub(crate) fn squeeze_first_five_blocks< + const N: usize, + T: KeccakStateItem, + const RATE: usize, +>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -243,7 +256,7 @@ pub(crate) fn squeeze_first_five_blocks, const } #[inline(always)] -pub(crate) fn squeeze_last, const RATE: usize>( +pub(crate) fn squeeze_last, const RATE: usize>( mut s: KeccakState, out: [&mut [u8]; N], ) { @@ -255,7 +268,7 @@ pub(crate) fn squeeze_last, const RATE: usize>( } #[inline(always)] -pub(crate) fn squeeze_first_and_last, const RATE: usize>( +pub(crate) fn squeeze_first_and_last, const RATE: usize>( s: &KeccakState, out: [&mut [u8]; N], ) { @@ -266,7 +279,7 @@ pub(crate) fn squeeze_first_and_last, const RAT } #[inline(always)] -pub(crate) fn keccak, const RATE: usize, const DELIM: u8>( +pub(crate) fn keccak, const RATE: usize, const DELIM: u8>( data: [&[u8]; N], out: [&mut [u8]; N], ) { diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index fd0015804..382a9e483 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs @@ -1,6 +1,6 @@ //! A portable SHA3 implementation using the generic implementation. -use crate::traits::*; +use crate::traits::internal::*; #[inline(always)] fn rotate_left(x: u64) -> u64 { diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index 04005c483..f55de7ffb 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -1,4 +1,4 @@ -use crate::traits::*; +use crate::traits::internal::*; use libcrux_intrinsics::avx2::*; #[inline(always)] diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index f8dc30c79..fa3f5f846 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -1,16 +1,25 @@ -/// A trait for multiplexing implementations. -pub trait KeccakItem: Clone + Copy { - fn zero() -> Self; - fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; - fn rotate_left1_and_xor(a: Self, b: Self) -> Self; - fn xor_and_rotate(a: Self, b: Self) -> Self; - fn and_not_xor(a: Self, b: Self, c: Self) -> Self; - fn xor_constant(a: Self, c: u64) -> Self; - fn xor(a: Self, b: Self) -> Self; - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; - fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; - fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); +/// A Keccak Item +/// This holds the internal state and depends on the architecture. +pub trait KeccakStateItem: internal::KeccakItem {} + +// Implement the public trait for all items. +impl> KeccakStateItem for T {} + +pub(crate) mod internal { + /// A trait for multiplexing implementations. + pub trait KeccakItem: Clone + Copy { + fn zero() -> Self; + fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; + fn rotate_left1_and_xor(a: Self, b: Self) -> Self; + fn xor_and_rotate(a: Self, b: Self) -> Self; + fn and_not_xor(a: Self, b: Self, c: Self) -> Self; + fn xor_constant(a: Self, c: u64) -> Self; + fn xor(a: Self, b: Self) -> Self; + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; + fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; + fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); + } } diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti new file mode 100644 index 000000000..35516c01f --- /dev/null +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -0,0 +1,51 @@ +module Libcrux_platform.X86 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_Feature = + | Feature_mmx : t_Feature + | Feature_sse : t_Feature + | Feature_sse2 : t_Feature + | Feature_sse3 : t_Feature + | Feature_pclmulqdq : t_Feature + | Feature_ssse3 : t_Feature + | Feature_fma : t_Feature + | Feature_movbe : t_Feature + | Feature_sse4_1_ : t_Feature + | Feature_sse4_2_ : t_Feature + | Feature_popcnt : t_Feature + | Feature_aes : t_Feature + | Feature_xsave : t_Feature + | Feature_osxsave : t_Feature + | Feature_avx : t_Feature + | Feature_rdrand : t_Feature + | Feature_sgx : t_Feature + | Feature_bmi1 : t_Feature + | Feature_avx2 : t_Feature + | Feature_bmi2 : t_Feature + | Feature_avx512f : t_Feature + | Feature_avx512dq : t_Feature + | Feature_rdseed : t_Feature + | Feature_adx : t_Feature + | Feature_avx512ifma : t_Feature + | Feature_avx512pf : t_Feature + | Feature_avx512er : t_Feature + | Feature_avx512cd : t_Feature + | Feature_sha : t_Feature + | Feature_avx512bw : t_Feature + | Feature_avx512vl : t_Feature + +val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) + +/// Initialize CPU detection. +val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) + +val init__cpuid (leaf: u32) + : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) + +val init__cpuid_count (leaf sub_leaf: u32) + : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) + +/// Check hardware [`Feature`] support. +val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) From f12b8942fecc42c0a70570d03cbf622f7e7f06f8 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 13:15:16 +0200 Subject: [PATCH 52/74] fix for arm --- libcrux-sha3/src/simd/arm64.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index bc32dea34..773c5e036 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -1,6 +1,6 @@ use libcrux_intrinsics::arm64::*; -use crate::traits::KeccakItem; +use crate::traits::internal::KeccakItem; #[allow(non_camel_case_types)] pub type uint64x2_t = _uint64x2_t; From ed51c08096bda3db3841ce5c896886eeb15ea8d7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 13:34:57 +0200 Subject: [PATCH 53/74] fixed branching on usize --- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 110 +++++- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 313 +++++++++++++++++- .../extraction/Libcrux_ml_kem.Vector.fsti | 6 +- libcrux-ml-kem/src/hash_functions.rs | 14 +- .../Libcrux_sha3.Avx2.X4.Incremental.fsti | 4 +- .../Libcrux_sha3.Neon.X2.Incremental.fsti | 9 +- 6 files changed, 435 insertions(+), 21 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index 2a2d9ad5f..100fd31e0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -88,7 +88,37 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = Libcrux_sha3.Avx2.X4.Incremental.shake128_init () in - let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = "failure" in + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | 3uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | 4uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | _ -> state + in { f_shake128_state = state } <: t_Simd256Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_three_blocks_post @@ -115,7 +145,44 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = ) v_K in - let _:Prims.unit = "failure" in + let _:Prims.unit = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let dummy_out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let dummy_out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(self)),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out1)))),\n )\n };\n Tuple0\n }\n }" + + | 3uy -> + let dummy_out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n )\n };\n Tuple0\n }\n }\n }" + + | 4uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out3), 0)))),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }" + + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize + (let list = + [ + "internal error: entered unreachable code: This function must only be called with N = 2, 3, 4" + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + t_Slice string) + (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () + <: + t_Array Core.Fmt.Rt.t_Argument (sz 0)) + <: + t_Slice Core.Fmt.Rt.t_Argument) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); @@ -142,7 +209,44 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) v_K in - let _:Prims.unit = "failure" in + let _:Prims.unit = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let dummy_out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let dummy_out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(self)),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out1)))),\n )\n };\n Tuple0\n }\n }" + + | 3uy -> + let dummy_out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n )\n };\n Tuple0\n }\n }\n }" + + | 4uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out3), 0)))),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }" + + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize + (let list = + [ + "internal error: entered unreachable code: This function is only called with 2, 3, 4" + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + t_Slice string) + (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () + <: + t_Array Core.Fmt.Rt.t_Argument (sz 0)) + <: + t_Slice Core.Fmt.Rt.t_Argument) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 73dfe8d29..84710b508 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -71,7 +71,42 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = let out:t_Array (t_Array u8 v_LEN) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in - let _:Prims.unit = "failure" in + let _:Prims.unit = + match cast (v_K <: usize) <: u8 with + | 2uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out1): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n Tuple0\n }\n }" + + | 3uy -> + let extra:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out12): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (extra)))),\n )\n };\n Tuple0\n }\n }\n }\n }" + + | 4uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out123): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 3)))),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out2), 0)),\n )),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out3), 0)),\n )),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }\n }" + + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize + (let list = + [ + "internal error: entered unreachable code: Only 2, 3, or 4 are supported for N" + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + t_Slice string) + (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () + <: + t_Array Core.Fmt.Rt.t_Argument (sz 0)) + <: + t_Slice Core.Fmt.Rt.t_Argument) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post @@ -103,7 +138,71 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list in - let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = "failure" in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | 3uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | 4uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | _ -> state + in { f_shake128_state = state } <: t_Simd128Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_three_blocks_post @@ -130,7 +229,42 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = ) v_K in - let _:Prims.unit = "failure" in + let _:Prims.unit = + match cast (v_K <: usize) <: u8 with + | 2uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(self),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n Tuple0\n }\n }" + + | 3uy -> + let extra:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(self),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 1,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (extra)))),\n )\n };\n Tuple0\n }\n }\n }\n }" + + | 4uy -> + Rust_primitives.Hax.failure "" + "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 1,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out2), 0)),\n )),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out3), 0)),\n )),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }\n }" + + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize + (let list = + [ + "internal error: entered unreachable code: This function can only called be called with N = 2, 3, 4" + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); + Rust_primitives.Hax.array_of_list 1 list) + <: + t_Slice string) + (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () + <: + t_Array Core.Fmt.Rt.t_Argument (sz 0)) + <: + t_Slice Core.Fmt.Rt.t_Argument) + <: + Core.Fmt.t_Arguments) + <: + Rust_primitives.Hax.t_Never) + in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd128Hash) -> true); @@ -157,7 +291,178 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) v_K in - let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) = "failure" in + let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + | 3uy -> + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + | 4uy -> + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + | _ -> out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti index d5b86c87e..801b2d38e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -58,7 +58,7 @@ val barrett_reduce_element (value: i16) val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) : Prims.Pure i16 (requires - Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + Rust_primitives.Hax.failure "" "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"55\"; line = \"182\" };\n lo = { Types.col = \"4\"; line = \"177\" } };\n ty = Types.Never }" ) (ensures @@ -85,7 +85,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) val compress_message_coefficient (fe: u16) : Prims.Pure u8 (requires - Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + Rust_primitives.Hax.failure "" "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"80\"; line = \"146\" };\n lo = { Types.col = \"16\"; line = \"146\" } };\n ty = Types.Never }" ) (ensures @@ -127,7 +127,7 @@ val montgomery_multiply_fe_by_fer (fe fer: i16) val montgomery_reduce_element (value: i32) : Prims.Pure i16 (requires - Rust_primitives.Hax.failure "(AST import) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub!\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.\n" + Rust_primitives.Hax.failure "" "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"114\"; line = \"80\" };\n lo = { Types.col = \"16\"; line = \"80\" } };\n ty = Types.Never }" ) (ensures diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 5b0a163b2..e34f23e0c 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -227,7 +227,7 @@ pub(crate) mod avx2 { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = x4::incremental::shake128_init(); - match K { + match K as u8 { 2 => { x4::incremental::shake128_absorb_final( &mut state, &input[0], &input[1], &input[0], &input[0], @@ -255,7 +255,7 @@ pub(crate) mod avx2 { fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { + match K as u8 { 2 => { let mut dummy_out0 = [0u8; THREE_BLOCKS]; let mut dummy_out1 = [0u8; THREE_BLOCKS]; @@ -301,7 +301,7 @@ pub(crate) mod avx2 { fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; - match K { + match K as u8 { 2 => { let mut dummy_out0 = [0u8; BLOCK_SIZE]; let mut dummy_out1 = [0u8; BLOCK_SIZE]; @@ -385,7 +385,7 @@ pub(crate) mod neon { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; - match K { + match K as u8 { 2 => { let (out0, out1) = out.split_at_mut(1); x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); @@ -416,7 +416,7 @@ pub(crate) mod neon { x2::incremental::shake128_init(), x2::incremental::shake128_init(), ]; - match K { + match K as u8 { 2 => { x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); } @@ -441,7 +441,7 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { + match K as u8 { 2 => { let (out0, out1) = out.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( @@ -490,7 +490,7 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; - match K { + match K as u8 { 2 => { let mut out0 = [0u8; BLOCK_SIZE]; let mut out1 = [0u8; BLOCK_SIZE]; diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti index 061612251..9fdd87ec7 100644 --- a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti @@ -3,9 +3,7 @@ module Libcrux_sha3.Avx2.X4.Incremental open Core open FStar.Mul -type t_KeccakState4 = { - f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i -} +type t_KeccakState4 = { f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) } /// Initialise the state and perform up to 4 absorbs at the same time, /// using two [`KeccakState4`]. diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti index 30113dfaf..c9ca03f55 100644 --- a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti @@ -3,7 +3,14 @@ module Libcrux_sha3.Neon.X2.Incremental open Core open FStar.Mul -type t_KeccakState2 = { f_state:t_Array Libcrux_sha3.Portable.t_KeccakState1 (sz 2) } +unfold +let t_KeccakState2Internal = + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 2) Core.Core_arch.Arm_shared.Neon.t_uint64x2_t + +type t_KeccakState2 = { + f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 2) + Core.Core_arch.Arm_shared.Neon.t_uint64x2_t +} /// Initialise the state and perform up to 4 absorbs at the same time, /// using two [`KeccakState2`]. From 19ff422fef38f8066652996a659921f46cf06255 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 13:36:46 +0200 Subject: [PATCH 54/74] fixed branching on usize --- libcrux-ml-kem/src/hash_functions.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index e34f23e0c..0bad7db06 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -171,7 +171,7 @@ pub(crate) mod avx2 { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; - match K { + match K as u8 { 2 => { let mut dummy_out0 = [0u8; LEN]; let mut dummy_out1 = [0u8; LEN]; From 4f3b7e72292761393f6853c1dae1e5ff352fe529 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 13:38:58 +0200 Subject: [PATCH 55/74] restored FIELD_MODULUS --- libcrux-ml-kem/src/constants.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/constants.rs b/libcrux-ml-kem/src/constants.rs index cf89e9348..751e310d7 100644 --- a/libcrux-ml-kem/src/constants.rs +++ b/libcrux-ml-kem/src/constants.rs @@ -1,5 +1,5 @@ /// Field modulus: 3329 -pub(crate) const _FIELD_MODULUS: i16 = 3329; +pub(crate) const FIELD_MODULUS: i16 = 3329; /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent pub(crate) const BITS_PER_COEFFICIENT: usize = 12; From 25b2b5745a13b12121f0755ba6aa33c2e55aca0d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 13:40:38 +0200 Subject: [PATCH 56/74] restored FIELD_MODULUS --- libcrux-ml-kem/src/constants.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/libcrux-ml-kem/src/constants.rs b/libcrux-ml-kem/src/constants.rs index 751e310d7..13a5d7856 100644 --- a/libcrux-ml-kem/src/constants.rs +++ b/libcrux-ml-kem/src/constants.rs @@ -1,3 +1,4 @@ +#[cfg(hax)] /// Field modulus: 3329 pub(crate) const FIELD_MODULUS: i16 = 3329; From 24eed5407e5685671c2eb8a38c11f507af3b9c0a Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 13:40:40 +0200 Subject: [PATCH 57/74] update `Cargo.lock` --- Cargo.lock | 65 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index afa7a0389..0b33d0864 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -180,9 +180,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.98" +version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" +checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" dependencies = [ "jobserver", "libc", @@ -279,9 +279,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.4" +version = "4.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" +checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f" dependencies = [ "clap_builder", "clap_derive", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.2" +version = "4.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" +checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f" dependencies = [ "anstream", "anstyle", @@ -301,9 +301,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.4" +version = "4.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" +checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6" dependencies = [ "heck", "proc-macro2", @@ -313,9 +313,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" +checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70" [[package]] name = "colorchoice" @@ -681,7 +681,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -691,7 +691,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "proc-macro-error", @@ -713,7 +713,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "proc-macro-error", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "proc-macro2", "quote", @@ -737,7 +737,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#3444df704959e5a0865bad11894fc95ada97ee5e" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" dependencies = [ "proc-macro2", "quote", @@ -916,6 +916,8 @@ dependencies = [ "hex", "libcrux", "libcrux-hacl", + "libcrux-hkdf", + "libcrux-hmac", "libcrux-platform", "log", "pretty_env_logger", @@ -949,6 +951,21 @@ dependencies = [ "wasm-bindgen-test", ] +[[package]] +name = "libcrux-hkdf" +version = "0.0.2-pre.2" +dependencies = [ + "libcrux-hacl", +] + +[[package]] +name = "libcrux-hmac" +version = "0.0.2-pre.2" +dependencies = [ + "libcrux-hacl", + "libcrux-hkdf", +] + [[package]] name = "libcrux-intrinsics" version = "0.0.2-pre.2" @@ -1431,9 +1448,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.4" +version = "1.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", @@ -1443,9 +1460,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -1454,9 +1471,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "rfc6979" @@ -1725,9 +1742,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "utf8parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" From cc817e833cd783b91626543a6f3fad4fa9f5ed15 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 14:11:15 +0200 Subject: [PATCH 58/74] got rid of split-at-mut --- .../extraction/Libcrux_ml_kem.Constants.fsti | 6 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 296 ++++++++++--- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 415 ++++++++++++++---- .../extraction/Libcrux_ml_kem.Vector.fsti | 11 +- libcrux-ml-kem/src/hash_functions.rs | 234 +++++----- 5 files changed, 684 insertions(+), 278 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 690228f5a..7078563cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -17,6 +17,9 @@ let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body +/// Field modulus: 3329 +let v_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body + /// SHA3 512 digest size let v_G_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body @@ -25,6 +28,3 @@ let v_H_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body /// The size of an ML-KEM shared secret. let v_SHARED_SECRET_SIZE: usize = Rust_primitives.Hax.dropped_body - -/// Field modulus: 3329 -let v__FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index 100fd31e0..2a80b014d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -41,7 +41,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out1: t_Array (t_Array u8 v_LEN) v_K) + (out4: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -63,7 +63,123 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = let out:t_Array (t_Array u8 v_LEN) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in - let _:Prims.unit = "failure" in + let out0:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out1:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out2:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out3:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out, out0, out1, out2, out3:(t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 3uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 4uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | _ -> + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + in out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post @@ -123,7 +239,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_three_blocks_post = - (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + (fun (self: t_Simd256Hash) (out4: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); f_shake128_squeeze_three_blocks = (fun (self: t_Simd256Hash) -> @@ -145,50 +261,70 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = ) v_K in - let _:Prims.unit = + let out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out2:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out3:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_first_three_blocks self.f_shake128_state + out0 + out1 + out2 + out3 + in + let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let out2:t_Array u8 (sz 504) = tmp3 in + let out3:t_Array u8 (sz 504) = tmp4 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = match cast (v_K <: usize) <: u8 with | 2uy -> - let dummy_out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in - let dummy_out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(self)),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out1)))),\n )\n };\n Tuple0\n }\n }" - + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out | 3uy -> - let dummy_out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n )\n };\n Tuple0\n }\n }\n }" - + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out | 4uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out3), 0)))),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }" - - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = - [ - "internal error: entered unreachable code: This function must only be called with N = 2, 3, 4" - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () - <: - t_Array Core.Fmt.Rt.t_Argument (sz 0)) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out + | _ -> out in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_block_post = - (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + (fun (self: t_Simd256Hash) (out4: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); f_shake128_squeeze_block = fun (self: t_Simd256Hash) -> @@ -209,43 +345,63 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) v_K in - let _:Prims.unit = + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_next_block self.f_shake128_state + out0 + out1 + out2 + out3 + in + let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let out2:t_Array u8 (sz 168) = tmp3 in + let out3:t_Array u8 (sz 168) = tmp4 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = match cast (v_K <: usize) <: u8 with | 2uy -> - let dummy_out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let dummy_out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(self)),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out1)))),\n )\n };\n Tuple0\n }\n }" - + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out | 3uy -> - let dummy_out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (dummy_out0)))),\n )\n };\n Tuple0\n }\n }\n }" - + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out | 4uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 168]], &mut [[int; 168]]> = {\n core::slice::impl__split_at_mut::<[int; 168]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 168]], &mut [[int; 168]]> =\n { core::slice::impl__split_at_mut::<[int; 168]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::avx2::x4::incremental::shake128_squeeze_next_block(\n &mut (deref(\n &mut (proj_libcrux_ml_kem::hash_functions::avx2::f_shake128_state(\n self,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out3), 0)))),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }" - - | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = - [ - "internal error: entered unreachable code: This function is only called with 2, 3, 4" - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () - <: - t_Array Core.Fmt.Rt.t_Argument (sz 0)) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out + | _ -> out in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 84710b508..6fda7a42c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -49,7 +49,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out1: t_Array (t_Array u8 v_LEN) v_K) + (out4: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -71,41 +71,127 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = let out:t_Array (t_Array u8 v_LEN) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in - let _:Prims.unit = + let out0:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out1:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out2:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out3:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out, out0, out1, out2, out3:(t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN) = match cast (v_K <: usize) <: u8 with | 2uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out1): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n Tuple0\n }\n }" - + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) | 3uy -> - let extra:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out12): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (extra)))),\n )\n };\n Tuple0\n }\n }\n }\n }" - + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 2 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out2 + out3 + in + let out2:t_Array u8 v_LEN = tmp0 in + let out3:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) | 4uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out123): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> = {\n core::slice::impl__split_at_mut::<[int; LEN]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; LEN]], &mut [[int; LEN]]> =\n { core::slice::impl__split_at_mut::<[int; LEN]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 0)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 1)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::shake256(\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 2)))),\n ),\n rust_primitives::unsize(\n &(deref(&(core::ops::index::Index::index(deref(input), 3)))),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out2), 0)),\n )),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out3), 0)),\n )),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }\n }" - + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 2 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out2 + out3 + in + let out2:t_Array u8 v_LEN = tmp0 in + let out3:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = - [ - "internal error: entered unreachable code: Only 2, 3, or 4 are supported for N" - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () - <: - t_Array Core.Fmt.Rt.t_Argument (sz 0)) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) in out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); @@ -207,7 +293,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_three_blocks_post = - (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + (fun (self: t_Simd128Hash) (out4: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); f_shake128_squeeze_three_blocks = (fun (self: t_Simd128Hash) -> @@ -229,41 +315,197 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = ) v_K in - let _:Prims.unit = + let out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out2:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out3:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out, out0, out1, out2, out3, self:(t_Array (t_Array u8 (sz 504)) v_K & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) = match cast (v_K <: usize) <: u8 with | 2uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out1): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(self),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n Tuple0\n }\n }" - + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) | 3uy -> - let extra:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out12): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out2): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out12)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(self),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 1,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out2), 0)))),\n ),\n rust_primitives::unsize(&mut (deref(&mut (extra)))),\n )\n };\n Tuple0\n }\n }\n }\n }" - + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 504) = tmp1 in + let out3:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) | 4uy -> - Rust_primitives.Hax.failure "" - "{\n let Tuple2(out0, out123): tuple2<&mut [[int; 504]], &mut [[int; 504]]> = {\n core::slice::impl__split_at_mut::<[int; 504]>(rust_primitives::unsize(&mut (out)), 1)\n };\n {\n let Tuple2(out1, out23): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out123)), 1) };\n {\n let Tuple2(out2, out3): tuple2<&mut [[int; 504]], &mut [[int; 504]]> =\n { core::slice::impl__split_at_mut::<[int; 504]>(&mut (deref(out23)), 1) };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 0,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out0), 0)))),\n ),\n rust_primitives::unsize(\n &mut (deref(&mut (core::ops::index::Index::index(deref(out1), 0)))),\n ),\n )\n };\n {\n let _: tuple0 = {\n libcrux_sha3::neon::x2::incremental::shake128_squeeze_first_three_blocks(\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::hash_functions::neon::f_shake128_state(\n self,\n ),\n 1,\n )),\n )),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out2), 0)),\n )),\n ),\n rust_primitives::unsize(\n &mut (deref(\n &mut (core::ops::index::Index::index(deref(out3), 0)),\n )),\n ),\n )\n };\n Tuple0\n }\n }\n }\n }\n }" - + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 504) = tmp1 in + let out3:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = - [ - "internal error: entered unreachable code: This function can only called be called with N = 2, 3, 4" - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (Core.Fmt.Rt.impl_1__none () - <: - t_Array Core.Fmt.Rt.t_Argument (sz 0)) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); @@ -291,11 +533,17 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) v_K in - let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) = + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out, out0, out1, out2, out3, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) = match cast (v_K <: usize) <: u8 with | 2uy -> - let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & t_Array u8 (sz 168) & t_Array u8 (sz 168)) = @@ -327,12 +575,13 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = let out:t_Array (t_Array u8 (sz 168)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 in - out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) | 3uy -> - let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & t_Array u8 (sz 168) & t_Array u8 (sz 168)) = @@ -392,12 +641,13 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = let out:t_Array (t_Array u8 (sz 168)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 in - out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) | 4uy -> - let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in - let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & t_Array u8 (sz 168) & t_Array u8 (sz 168)) = @@ -460,8 +710,19 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = let out:t_Array (t_Array u8 (sz 168)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 in - out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) - | _ -> out, self <: (t_Array (t_Array u8 (sz 168)) v_K & t_Simd128Hash) + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) + | _ -> + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti index 801b2d38e..2fb81e560 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -58,9 +58,9 @@ val barrett_reduce_element (value: i16) val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) : Prims.Pure i16 (requires - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"55\"; line = \"182\" };\n lo = { Types.col = \"4\"; line = \"177\" } };\n ty = Types.Never }" - ) + (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || + coefficient_bits =. 11uy) && + fe <. (cast (Libcrux_ml_kem.Constants.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:i16 = result in @@ -84,10 +84,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) /// . val compress_message_coefficient (fe: u16) : Prims.Pure u8 - (requires - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"80\"; line = \"146\" };\n lo = { Types.col = \"16\"; line = \"146\" } };\n ty = Types.Never }" - ) + (requires fe <. (cast (Libcrux_ml_kem.Constants.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:u8 = result in diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 0bad7db06..97e345336 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -170,52 +170,56 @@ pub(crate) mod avx2 { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; - + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; + match K as u8 { 2 => { - let mut dummy_out0 = [0u8; LEN]; - let mut dummy_out1 = [0u8; LEN]; - let (out0, out1) = out.split_at_mut(1); x4::shake256( &input[0], &input[1], &input[0], &input[0], - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, + &mut out0, + &mut out1, + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); x4::shake256( &input[0], &input[1], &input[2], &input[0], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, + &mut out0, + &mut out1, + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); x4::shake256( &input[0], &input[1], &input[2], &input[3], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], + &mut out0, + &mut out1, + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function must only be called with N = 2, 3, 4"), } @@ -255,42 +259,32 @@ pub(crate) mod avx2 { fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; + let mut out0 = [0u8; THREE_BLOCKS]; + let mut out1 = [0u8; THREE_BLOCKS]; + let mut out2 = [0u8; THREE_BLOCKS]; + let mut out3 = [0u8; THREE_BLOCKS]; + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0, + &mut out1, + &mut out2, + &mut out3, + ); match K as u8 { 2 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let mut dummy_out1 = [0u8; THREE_BLOCKS]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function must only be called with N = 2, 3, 4"), } @@ -301,42 +295,32 @@ pub(crate) mod avx2 { fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0, + &mut out1, + &mut out2, + &mut out3, + ); match K as u8 { 2 => { - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let mut dummy_out1 = [0u8; BLOCK_SIZE]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function is only called with 2, 3, 4"), } @@ -385,24 +369,30 @@ pub(crate) mod neon { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; match K as u8 { 2 => { - let (out0, out1) = out.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + out[0] = out0; + out[1] = out1; } 3 => { - let mut extra = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[2], &mut out2[0], &mut extra); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + x2::shake256(&input[2], &input[2], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[3], &mut out2[0], &mut out3[0]); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + x2::shake256(&input[2], &input[3], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("Only 2, 3, or 4 are supported for N"), } @@ -441,44 +431,51 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; + let mut out0 = [0u8; THREE_BLOCKS]; + let mut out1 = [0u8; THREE_BLOCKS]; + let mut out2 = [0u8; THREE_BLOCKS]; + let mut out3 = [0u8; THREE_BLOCKS]; + match K as u8 { 2 => { - let (out0, out1) = out.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut extra = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[1], - &mut out2[0], - &mut extra, + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[1], - &mut out2[0], - &mut out3[0], + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function can only called be called with N = 2, 3, 4"), } @@ -490,10 +487,13 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + match K as u8 { 2 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, @@ -503,10 +503,6 @@ pub(crate) mod neon { out[1] = out1; } 3 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, @@ -522,10 +518,6 @@ pub(crate) mod neon { out[2] = out2; } 4 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, From 463f84c328485e2785cb34fc88abc00de7c90266 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 14:42:11 +0200 Subject: [PATCH 59/74] extracts without errors --- .../fstar/extraction/Libcrux_ml_kem.Vector.fsti | 12 +++++++++--- libcrux-ml-kem/src/vector.rs | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti index 2fb81e560..1e7c0ce96 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -124,9 +124,15 @@ val montgomery_multiply_fe_by_fer (fe fer: i16) val montgomery_reduce_element (value: i32) : Prims.Pure i16 (requires - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node = Types.Err;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-ml-kem/src/vector.rs\"));\n hi = { Types.col = \"114\"; line = \"80\" };\n lo = { Types.col = \"16\"; line = \"80\" } };\n ty = Types.Never }" - ) + value >=. + ((cast (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) *! + v_MONTGOMERY_R + <: + i32) && + value <=. + ((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) *! v_MONTGOMERY_R + <: + i32)) (ensures fun result -> let result:i16 = result in diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index 7f2ca8acb..7834b3d72 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -77,7 +77,7 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { /// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) /// /// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. -#[cfg_attr(hax, hax_lib::requires(value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R))] +#[cfg_attr(hax, hax_lib::requires(value >= -(FIELD_MODULUS as i32) * MONTGOMERY_R && value <= (FIELD_MODULUS as i32) * MONTGOMERY_R))] #[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code From 04bb2fcfd69d0606fb95f2cf846bdde91bb5cb2b Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 15:53:03 +0200 Subject: [PATCH 60/74] ci: run `nix.yml` on `dev` --- .github/workflows/nix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 29db314d8..1e07d3497 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -2,7 +2,7 @@ name: Nix on: push: - branches: [main] + branches: [main, dev] jobs: nix: From ccc7d28a98c7d55686b43aefe3440dd201f45976 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 11 Jun 2024 16:04:28 +0200 Subject: [PATCH 61/74] fixed fmt --- .../extraction/Libcrux_ml_kem.Constants.fsti | 3 -- .../extraction/Libcrux_ml_kem.Vector.fsti | 8 +++-- libcrux-ml-kem/src/constants.rs | 4 --- libcrux-ml-kem/src/hash_functions.rs | 32 ++++--------------- libcrux-ml-kem/src/vector.rs | 4 +-- 5 files changed, 14 insertions(+), 37 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 7078563cf..210ffc329 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -17,9 +17,6 @@ let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body -/// Field modulus: 3329 -let v_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body - /// SHA3 512 digest size let v_G_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti index 1e7c0ce96..39f142807 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -60,7 +60,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) (requires (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || coefficient_bits =. 11uy) && - fe <. (cast (Libcrux_ml_kem.Constants.v_FIELD_MODULUS <: i16) <: u16)) + fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:i16 = result in @@ -84,7 +84,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) /// . val compress_message_coefficient (fe: u16) : Prims.Pure u8 - (requires fe <. (cast (Libcrux_ml_kem.Constants.v_FIELD_MODULUS <: i16) <: u16)) + (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:u8 = result in @@ -125,7 +125,9 @@ val montgomery_reduce_element (value: i32) : Prims.Pure i16 (requires value >=. - ((cast (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) *! + ((Core.Ops.Arith.Neg.neg (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + <: + i32) *! v_MONTGOMERY_R <: i32) && diff --git a/libcrux-ml-kem/src/constants.rs b/libcrux-ml-kem/src/constants.rs index 13a5d7856..885a3eaec 100644 --- a/libcrux-ml-kem/src/constants.rs +++ b/libcrux-ml-kem/src/constants.rs @@ -1,7 +1,3 @@ -#[cfg(hax)] -/// Field modulus: 3329 -pub(crate) const FIELD_MODULUS: i16 = 3329; - /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent pub(crate) const BITS_PER_COEFFICIENT: usize = 12; diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 97e345336..d22029642 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -174,32 +174,20 @@ pub(crate) mod avx2 { let mut out1 = [0u8; LEN]; let mut out2 = [0u8; LEN]; let mut out3 = [0u8; LEN]; - + match K as u8 { 2 => { x4::shake256( - &input[0], - &input[1], - &input[0], - &input[0], - &mut out0, - &mut out1, - &mut out2, - &mut out3, + &input[0], &input[1], &input[0], &input[0], &mut out0, &mut out1, + &mut out2, &mut out3, ); out[0] = out0; out[1] = out1; } 3 => { x4::shake256( - &input[0], - &input[1], - &input[2], - &input[0], - &mut out0, - &mut out1, - &mut out2, - &mut out3, + &input[0], &input[1], &input[2], &input[0], &mut out0, &mut out1, + &mut out2, &mut out3, ); out[0] = out0; out[1] = out1; @@ -207,14 +195,8 @@ pub(crate) mod avx2 { } 4 => { x4::shake256( - &input[0], - &input[1], - &input[2], - &input[3], - &mut out0, - &mut out1, - &mut out2, - &mut out3, + &input[0], &input[1], &input[2], &input[3], &mut out0, &mut out1, + &mut out2, &mut out3, ); out[0] = out0; out[1] = out1; diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index 7834b3d72..010cba802 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -143,7 +143,7 @@ fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVec /// /// The NIST FIPS 203 standard can be found at /// . -#[cfg_attr(hax, hax_lib::requires(fe < (crate::constants::FIELD_MODULUS as u16)))] +#[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))] #[cfg_attr(hax, hax_lib::ensures(|result| hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) && hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0) @@ -179,7 +179,7 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 { coefficient_bits == 5 || coefficient_bits == 10 || coefficient_bits == 11) && - fe < (crate::constants::FIELD_MODULUS as u16)))] + fe < (FIELD_MODULUS as u16)))] #[cfg_attr(hax, hax_lib::ensures( |result| result >= 0 && result < 2i16.pow(coefficient_bits as u32)))] From 9d957d6e3b57fd20d1e72e09c9d680efafc5756a Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 16:00:00 +0200 Subject: [PATCH 62/74] ml-kem: enable overriding dependencies' revisions --- flake.nix | 4 ++++ libcrux-ml-kem/c.sh | 12 ++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index a694e47c0..e07434444 100644 --- a/flake.nix +++ b/flake.nix @@ -81,6 +81,10 @@ ''; FSTAR_HOME = inputs.fstar.packages.${system}.default; KRML_HOME = inputs.karamel.packages.${system}.default.home; + CHARON_REV = inputs.charon.rev; + EURYDICE_REV = inputs.eurydice.rev; + KRML_REV = inputs.karamel.rev; + FSTAR_REV = inputs.fstar.rev; }; in { diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 11488924c..a597cded9 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -70,13 +70,17 @@ clang-format --style=Google -i internal/*.h clang-format --style=Google -i intrinsics/*.h # Write out infos about the used tools +[ -z "$CHARON_REV" ] && export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD) +[ -z "$EURYDICE_REV" ] && export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD) +[ -z "$KRML_REV" ] && export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD) +[ -z "$FSTAR_REV" ] && export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD) rm -f code_gen.txt echo "This code was generated with the following tools:" >> code_gen.txt echo -n "Charon: " >> code_gen.txt -git -C $CHARON_HOME rev-parse HEAD >> code_gen.txt +echo "$CHARON_REV" >> code_gen.txt echo -n "Eurydice: " >> code_gen.txt -git -C $EURYDICE_HOME rev-parse HEAD >> code_gen.txt +echo "$EURYDICE_REV" >> code_gen.txt echo -n "Karamel: " >> code_gen.txt -git -C $KRML_HOME rev-parse HEAD >> code_gen.txt +echo "$KRML_REV" >> code_gen.txt echo -n "F*: " >> code_gen.txt -git -C $FSTAR_HOME rev-parse HEAD >> code_gen.txt +echo "$FSTAR_REV" >> code_gen.txt From 729d07b76d188e64f7aadc17de9356f6dbeaf83d Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 16:09:34 +0200 Subject: [PATCH 63/74] format --- flake.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flake.nix b/flake.nix index e07434444..35be04a13 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,7 @@ ml-kem = craneLib.buildPackage { name = "ml-kem"; inherit src cargoArtifacts; + nativeBuildInputs = [ pkgs.clang-tools pkgs.cmake @@ -73,6 +74,7 @@ build/Release/ml_kem_bench ''; installPhase = "cp -r . $out"; + CHARON_HOME = inputs.charon.packages.${system}.default; EURYDICE_HOME = pkgs.runCommand "eurydice-home" { } '' mkdir -p $out @@ -81,6 +83,7 @@ ''; FSTAR_HOME = inputs.fstar.packages.${system}.default; KRML_HOME = inputs.karamel.packages.${system}.default.home; + CHARON_REV = inputs.charon.rev; EURYDICE_REV = inputs.eurydice.rev; KRML_REV = inputs.karamel.rev; From 9cb5580922921208ccdf69668fbb733a771abc4a Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 16:23:00 +0200 Subject: [PATCH 64/74] update `flake.lock` --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index c06ddd613..42da119bd 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1717577599, - "narHash": "sha256-5LxkX4sCtd82/h3WXkbDP4eWQMP+7Wd2xhg6xLQXQV4=", + "lastModified": 1718091767, + "narHash": "sha256-H5yk4492tRc638LvFGQGva2yjQPbWt71Aj7OAhT57KU=", "owner": "aeneasverif", "repo": "charon", - "rev": "a00876a9cd94e9ac63dbb71dae3df337b568dba3", + "rev": "0b8b7a82c2a18f65ab9df16f222d52594c17f59c", "type": "github" }, "original": { @@ -33,11 +33,11 @@ ] }, "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "lastModified": 1701622587, + "narHash": "sha256-o3XhxCCyrUHZ0tlta2W7/MuXzy+n0+BUt3rKFK3DIK4=", "owner": "ipetkov", "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "rev": "c09d2cbe84cc2adfe1943cb2a0b55a71c835ca9a", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1717520324, - "narHash": "sha256-w20SD6lKSjE5Zc7dLnCceF9EOHCZbWxyMDgqVds4f28=", + "lastModified": 1718042534, + "narHash": "sha256-h5qZeZYmTF+rAj5JdZQWcbt3V+IQs8QRS+BFnm3Bay8=", "owner": "aeneasverif", "repo": "eurydice", - "rev": "9f8d759db7e7c8dfb406e1b373d316aadc5cdd98", + "rev": "f5a2305081d09f3b45ed272e5388e542f4c4a7c1", "type": "github" }, "original": { @@ -203,11 +203,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1716897445, - "narHash": "sha256-Ytz9l3PjhBHULVZphHoUj15Ad8Wq3cIK6Paus32NB1w=", + "lastModified": 1717456679, + "narHash": "sha256-GjDR+YhmIBHJ/1WotSwcHYmXP1VvkZS5I2YpPJlzWDc=", "owner": "FStarLang", "repo": "fstar", - "rev": "9820798dcc31cd1ea5c164611a67f58ade0b7655", + "rev": "6d124af2bda315ae20f9fe974ffc668f8bd5791d", "type": "github" }, "original": { @@ -222,11 +222,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1716897445, - "narHash": "sha256-Ytz9l3PjhBHULVZphHoUj15Ad8Wq3cIK6Paus32NB1w=", + "lastModified": 1717456679, + "narHash": "sha256-GjDR+YhmIBHJ/1WotSwcHYmXP1VvkZS5I2YpPJlzWDc=", "owner": "fstarlang", "repo": "fstar", - "rev": "9820798dcc31cd1ea5c164611a67f58ade0b7655", + "rev": "6d124af2bda315ae20f9fe974ffc668f8bd5791d", "type": "github" }, "original": { @@ -252,11 +252,11 @@ ] }, "locked": { - "lastModified": 1717454922, - "narHash": "sha256-3yseAxgtqchKisDIWvU2hxC5rqNbQd7HDAPo28Gnzpk=", + "lastModified": 1718042424, + "narHash": "sha256-6rpa26YdxXiV+PftX11ODFu1yiUAWHHRNgtOhf9mFoY=", "owner": "FStarLang", "repo": "karamel", - "rev": "749859845fed65d9391f4ba318c8cf27292a85ce", + "rev": "22425a93c68d9e3794909f98854aaffdc0560510", "type": "github" }, "original": { From fe3086825f2f9e9975bb2882cc08fce847dfe7c7 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 16:35:51 +0200 Subject: [PATCH 65/74] fix --- libcrux-ml-kem/c.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index a597cded9..e1129e50c 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -70,10 +70,10 @@ clang-format --style=Google -i internal/*.h clang-format --style=Google -i intrinsics/*.h # Write out infos about the used tools -[ -z "$CHARON_REV" ] && export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD) -[ -z "$EURYDICE_REV" ] && export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD) -[ -z "$KRML_REV" ] && export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD) -[ -z "$FSTAR_REV" ] && export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD) +[ -n "$CHARON_REV" ] || export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD) +[ -n "$EURYDICE_REV" ] || export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD) +[ -n "$KRML_REV" ] || export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD) +[ -n "$FSTAR_REV" ] || export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD) rm -f code_gen.txt echo "This code was generated with the following tools:" >> code_gen.txt echo -n "Charon: " >> code_gen.txt From a21496bcb066c23c24fb1d22c073f140f9bda2ea Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Tue, 11 Jun 2024 21:55:45 +0200 Subject: [PATCH 66/74] ci: fix `hax.yml` --- .github/workflows/hax.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index c6f4f4748..9f7b6fc2d 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -28,9 +28,6 @@ jobs: - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - - name: Update dependencies - run: cargo update - - name: ⤵ Install FStar run: nix profile install github:FStarLang/FStar/v2024.01.13 From 5b13693f4c4e2df8991f2d5816fd1eede3e602c9 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 12 Jun 2024 08:06:39 +0200 Subject: [PATCH 67/74] update C extration --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 24 - .../c/internal/libcrux_sha3_internal.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 569 +++++++----------- libcrux-ml-kem/c/libcrux_sha3_internal.h | 338 +++++------ libcrux-ml-kem/c/mach | 75 +++ 6 files changed, 478 insertions(+), 542 deletions(-) create mode 100755 libcrux-ml-kem/c/mach diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 511c010db..0da0e1229 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: Charon: 0b8b7a82c2a18f65ab9df16f222d52594c17f59c -Eurydice: f5a2305081d09f3b45ed272e5388e542f4c4a7c1 +Eurydice: ec9da30ba3723647ca6f03810cfcfd418bd48bf8 Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 F*: \ No newline at end of file diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b4f7dd467..9e3db79d7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -148,36 +148,12 @@ uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( Eurydice_slice lhs, Eurydice_slice rhs); -typedef struct - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); -typedef struct - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; - Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d31a0635a..e7c8658a4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -45,7 +45,7 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -54,7 +54,7 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -129,7 +129,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -138,7 +138,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -147,7 +147,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( s, o1); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -156,7 +156,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( s, o2); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ea61181bb..8445a7bbe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1810,42 +1810,30 @@ static inline void shake128_squeeze_three_blocks___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -1894,42 +1882,30 @@ static inline void shake128_squeeze_block___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -2116,48 +2092,36 @@ typedef struct static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -4573,50 +4537,33 @@ static inline void shake128_squeeze_three_blocks___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____7[504U]; + memcpy(uu____7, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -4665,50 +4612,33 @@ static inline void shake128_squeeze_block___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -4875,56 +4805,39 @@ typedef struct static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____10[128U]; + memcpy(uu____10, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____10, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -6124,34 +6037,27 @@ static inline void shake128_squeeze_three_blocks___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - uint8_t dummy_out1[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -6200,34 +6106,27 @@ static inline void shake128_squeeze_block___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - uint8_t dummy_out1[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -6394,40 +6293,33 @@ typedef struct static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - uint8_t dummy_out0[192U] = {0U}; - uint8_t dummy_out1[192U] = {0U}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], - Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[192U]; + memcpy(uu____7, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____8[192U]; + memcpy(uu____8, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)192U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6800,40 +6692,33 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768s static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - uint8_t dummy_out1[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index ff9426779..a2e760d8e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -42,7 +42,7 @@ static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 9223372039002292232ULL}; static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero( void) { return 0ULL; } @@ -56,7 +56,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } @@ -74,7 +74,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); } @@ -86,7 +86,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___and_not_xor( uint64_t a, uint64_t b, uint64_t c) { return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); } @@ -97,13 +97,13 @@ static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_constant( uint64_t a, uint64_t c) { return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor( uint64_t a, uint64_t b) { return a ^ b; } @@ -118,7 +118,7 @@ static inline void libcrux_sha3_portable_keccak_slice_1( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); @@ -143,7 +143,7 @@ libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], } static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( Eurydice_slice a[1U], size_t mid) { return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } @@ -157,55 +157,55 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__Tra void) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); return lit; } @@ -241,7 +241,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -262,7 +262,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); } @@ -280,7 +280,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); } @@ -298,7 +298,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); } @@ -316,7 +316,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); } @@ -329,7 +329,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); } @@ -347,7 +347,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); } @@ -365,7 +365,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); } @@ -383,7 +383,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); } @@ -401,7 +401,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); } @@ -419,7 +419,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); } @@ -437,7 +437,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); } @@ -455,7 +455,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); } @@ -473,7 +473,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); } @@ -491,7 +491,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); } @@ -509,7 +509,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); } @@ -527,7 +527,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); } @@ -545,7 +545,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); } @@ -563,7 +563,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); } @@ -581,7 +581,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); } @@ -599,7 +599,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); } @@ -617,7 +617,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); } @@ -635,7 +635,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); } @@ -653,7 +653,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); } @@ -671,7 +671,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); } @@ -679,145 +679,145 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); uint64_t uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); uint64_t uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); uint64_t uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); uint64_t c[5U] = { uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], s->st[4U][4U])}; uint64_t uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); uint64_t uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); uint64_t uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); uint64_t uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); uint64_t t[5U] = { uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; uint64_t uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor( s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; uint64_t uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; uint64_t uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; uint64_t uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; uint64_t uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; uint64_t uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } @@ -861,7 +861,7 @@ static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___and_not_xor( s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], old[i1][(j + (size_t)1U) % (size_t)5U]); s->st[i1][j] = uu____0;);); @@ -870,7 +870,7 @@ static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_constant( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); s->st[0U][0U] = uu____0; } @@ -907,7 +907,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -931,7 +931,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___168size_t(a, b); } @@ -941,7 +941,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( s->st, out); } @@ -949,12 +949,12 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( s->st, out); } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -969,7 +969,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -987,7 +987,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); @@ -999,7 +999,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( s->st, b); { size_t i = (size_t)0U; @@ -1023,7 +1023,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( s.st, b); { size_t i = (size_t)0U; @@ -1054,7 +1054,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( uu____0, ret); @@ -1065,7 +1065,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( @@ -1078,7 +1078,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1098,7 +1098,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)168U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1148,7 +1148,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___104size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1163,7 +1163,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___104size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1177,7 +1177,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___104size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1206,7 +1206,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___104size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1242,7 +1242,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); @@ -1254,7 +1254,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( s->st, b); { size_t i = (size_t)0U; @@ -1273,7 +1273,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___104size_t(a, b); } @@ -1282,7 +1282,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( s->st, out); } @@ -1291,7 +1291,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( s->st, out); } @@ -1301,7 +1301,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( s.st, b); { size_t i = (size_t)0U; @@ -1332,7 +1332,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( uu____0, ret); @@ -1343,7 +1343,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( @@ -1356,7 +1356,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)104U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1376,7 +1376,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)104U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1426,7 +1426,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___144size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1441,7 +1441,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___144size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1455,7 +1455,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___144size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1484,7 +1484,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___144size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1520,7 +1520,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); @@ -1532,7 +1532,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( s->st, b); { size_t i = (size_t)0U; @@ -1551,7 +1551,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___144size_t(a, b); } @@ -1560,7 +1560,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( s->st, out); } @@ -1569,7 +1569,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( s->st, out); } @@ -1579,7 +1579,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( s.st, b); { size_t i = (size_t)0U; @@ -1610,7 +1610,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( uu____0, ret); @@ -1621,7 +1621,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( @@ -1634,7 +1634,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1654,7 +1654,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1704,7 +1704,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1719,7 +1719,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1733,7 +1733,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1762,7 +1762,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1798,7 +1798,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); @@ -1810,7 +1810,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( s->st, b); { size_t i = (size_t)0U; @@ -1829,7 +1829,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___136size_t(a, b); } @@ -1838,7 +1838,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( s->st, out); } @@ -1847,7 +1847,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( s->st, out); } @@ -1857,7 +1857,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( s.st, b); { size_t i = (size_t)0U; @@ -1888,7 +1888,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uu____0, ret); @@ -1899,7 +1899,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( @@ -1912,7 +1912,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)136U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1932,7 +1932,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)136U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1979,7 +1979,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1997,7 +1997,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uu____0, ret); @@ -2008,7 +2008,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( @@ -2021,7 +2021,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)136U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2041,7 +2041,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)136U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2091,7 +2091,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___72size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -2106,7 +2106,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___72size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -2120,7 +2120,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___72size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -2149,7 +2149,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___72size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -2185,7 +2185,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); @@ -2197,7 +2197,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( s->st, b); { size_t i = (size_t)0U; @@ -2216,7 +2216,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___72size_t(a, b); } @@ -2225,7 +2225,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( s->st, out); } @@ -2234,7 +2234,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( s->st, out); } @@ -2244,7 +2244,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( s.st, b); { size_t i = (size_t)0U; @@ -2275,7 +2275,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); @@ -2286,7 +2286,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( @@ -2299,7 +2299,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)72U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2319,7 +2319,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)72U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); diff --git a/libcrux-ml-kem/c/mach b/libcrux-ml-kem/c/mach new file mode 100755 index 000000000..7fa343011 --- /dev/null +++ b/libcrux-ml-kem/c/mach @@ -0,0 +1,75 @@ +#! /usr/bin/env python3 + +import os +import argparse +import platform +import subprocess +import sys + + +def shell(command, expect=0, cwd=None, env={}): + subprocess_stdout = subprocess.DEVNULL + + print("Env:", env) + print("Command: ", end="") + for i, word in enumerate(command): + if i == 4: + print("'{}' ".format(word), end="") + else: + print("{} ".format(word), end="") + + print("\nDirectory: {}".format(cwd)) + + os_env = os.environ + os_env.update(env) + + ret = subprocess.run(command, cwd=cwd, env=os_env) + if ret.returncode != expect: + raise Exception("Error {}. Expected {}.".format(ret, expect)) + + +class buildAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: + if platform.system() == "Windows": + # On Windows we use MSVC etc. by default. + # There's no multi config here. The type needs to be set when configuring. + cmake_args = [] + if args.release: + cmake_args.append("-DCMAKE_BUILD_TYPE=Release") + shell(["cmake", "-B", "build"] + cmake_args) + else: + # By default we use ninja with a multi config and set the build type + # during the build. + cmake_build_args = [] + if args.release: + cmake_build_args.append("--config Release") + shell(["cmake", "-B", "build", "-GNinja Multi-Config"]) + shell(["cmake", "--build", "build"] + cmake_build_args) + return None + + +def parse_arguments(): + parser = argparse.ArgumentParser(description="Libcrux C build helper.") + subparsers = parser.add_subparsers() + + build_parser = subparsers.add_parser("build", help="Build the C code.") + build_parser.add_argument("build", nargs="*", action=buildAction) + build_parser.add_argument( + "--release", action="store_true", help="Build in relase mode" + ) + + if len(sys.argv) == 1: + parser.print_help(sys.stderr) + sys.exit(1) + + return parser.parse_args() + + +def main(): + # Don't print unnecessary Python stack traces. + sys.tracebacklimit = 0 + parse_arguments() + + +if __name__ == "__main__": + main() From 20402d5d1551471f0e4afad2e964963335c3c876 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 12 Jun 2024 08:29:14 +0200 Subject: [PATCH 68/74] CI fixes --- .github/workflows/hax.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 9f7b6fc2d..e25b27e4b 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -59,11 +59,11 @@ jobs: rm -f sys/platform/proofs/fstar/extraction/*.fst* ./hax-driver.py --kyber-reference - - name: 🏃 Regenerate `extraction-*` folders - run: ./proofs/fstar/patches.sh apply +# - name: 🏃 Regenerate `extraction-*` folders +# run: ./proofs/fstar/patches.sh apply - - name: 🏃 Make sure snapshots are up-to-date - run: git diff --exit-code +# - name: 🏃 Make sure snapshots are up-to-date +# run: git diff --exit-code - name: 🏃 Verify the Kyber reference code run: | @@ -92,7 +92,7 @@ jobs: - name: 🏃 Extract & Verify ML-KEM crate (lax) run: | cd libcrux-ml-kem - # ./hax.py extract + ./hax.py extract # env FSTAR_HOME=${{ github.workspace }}/fstar \ # HACL_HOME=${{ github.workspace }}/hacl-star \ # HAX_HOME=${{ github.workspace }}/hax \ From e9e60676928364e1c485ed0a8755c5e5f1b055e5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 12 Jun 2024 08:48:17 +0200 Subject: [PATCH 69/74] drop unnecessary hax jobs --- .github/workflows/hax.yml | 60 +-------------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index e25b27e4b..784c063cf 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -52,44 +52,7 @@ jobs: run: | nix profile install ./hax - - name: 🏃 Extract the Kyber reference code - run: | - eval $(opam env) - (cd proofs/fstar/extraction/ && ./clean.sh) - rm -f sys/platform/proofs/fstar/extraction/*.fst* - ./hax-driver.py --kyber-reference - -# - name: 🏃 Regenerate `extraction-*` folders -# run: ./proofs/fstar/patches.sh apply - -# - name: 🏃 Make sure snapshots are up-to-date -# run: git diff --exit-code - - - name: 🏃 Verify the Kyber reference code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - ./hax-driver.py --verify-extraction - - - name: 🏃 Verify Kyber `extraction-edited` F* code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - make -C proofs/fstar/extraction-edited - - - name: 🏃 Verify Kyber `extraction-secret-independent` F* code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - make -C proofs/fstar/extraction-secret-independent - - - name: 🏃 Extract & Verify ML-KEM crate (lax) + - name: 🏃 Extract ML-KEM crate run: | cd libcrux-ml-kem ./hax.py extract @@ -98,24 +61,3 @@ jobs: # HAX_HOME=${{ github.workspace }}/hax \ # PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ # ./hax.py prove --admit - - - name: 🏃 Extract the Kyber specification - run: | - eval $(opam env) - # Extract the functions in the compress module individually to test - # the function-extraction code. - # Extract functions from the remaining modules to test the - # module-extraction code. - ./hax-driver.py --crate-path specs/kyber \ - --functions hacspec_kyber::compress::compress \ - hacspec_kyber::compress::decompress \ - hacspec_kyber::compress::compress_d \ - hacspec::kyber::compress::decompress_d \ - --modules ind_cpa \ - hacspec_kyber \ - matrix \ - ntt \ - parameters \ - sampling \ - serialize \ - --exclude-modules libcrux::hacl::sha3 libcrux::digest From 3c9bba322ccdc01d04cb08b6398f231802d5f1be Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 12 Jun 2024 09:36:37 +0200 Subject: [PATCH 70/74] fixing hax.py to generate .fst files --- libcrux-ml-kem/hax.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index dfe92840c..037f0ae47 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -101,8 +101,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: ) # Extract ml-kem - include_str = "+:** -libcrux_ml_kem::types::index_impls::**" - interface_include = "+*" + include_str = "+** -libcrux_ml_kem::types::index_impls::**" + interface_include = "+**" cargo_hax_into = [ "cargo", "hax", From 3df9ae975ca3e0b6bd1e33c57c7ad8e5af8215c5 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 12 Jun 2024 09:54:14 +0200 Subject: [PATCH 71/74] update `flake.lock` --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 42da119bd..336a2fcb4 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1718091767, - "narHash": "sha256-H5yk4492tRc638LvFGQGva2yjQPbWt71Aj7OAhT57KU=", + "lastModified": 1718119153, + "narHash": "sha256-/7Lv10doYagB+h9LzoT8hG9ns5ejEsAXBnii2kNDSoQ=", "owner": "aeneasverif", "repo": "charon", - "rev": "0b8b7a82c2a18f65ab9df16f222d52594c17f59c", + "rev": "0d3ba218b611b31cd9b800c237f15f7ffc787845", "type": "github" }, "original": { @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "lastModified": 1718078026, + "narHash": "sha256-LbQabH6h86ZzTvDnaZHmMwedRZNB2jYtUQzmoqWQoJ8=", "owner": "ipetkov", "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "rev": "a3f0c63eed74a516298932b9b1627dd80b9c3892", "type": "github" }, "original": { @@ -81,11 +81,11 @@ ] }, "locked": { - "lastModified": 1718042534, - "narHash": "sha256-h5qZeZYmTF+rAj5JdZQWcbt3V+IQs8QRS+BFnm3Bay8=", + "lastModified": 1718124394, + "narHash": "sha256-1sYQb6Oy/BtMBiWJ7X+nOf8+ZVWBmmm+29NtrIj3w2s=", "owner": "aeneasverif", "repo": "eurydice", - "rev": "f5a2305081d09f3b45ed272e5388e542f4c4a7c1", + "rev": "b2b62fffab78f91de07c20a7fa7385242fd54a0d", "type": "github" }, "original": { @@ -297,11 +297,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1717196966, - "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", "type": "github" }, "original": { From 650d1993a2308e03bbbd4bcf9a42cde654a87fa8 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 12 Jun 2024 10:27:00 +0200 Subject: [PATCH 72/74] nix: run hax --- flake.lock | 210 ++++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 8 +- 2 files changed, 216 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 336a2fcb4..4f2422f00 100644 --- a/flake.lock +++ b/flake.lock @@ -66,6 +66,33 @@ "type": "github" } }, + "crane_3": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1693787605, + "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "eurydice": { "inputs": { "charon": [ @@ -109,6 +136,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -197,6 +240,24 @@ "type": "github" } }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fstar": { "inputs": { "flake-utils": "flake-utils_3", @@ -235,6 +296,71 @@ "type": "github" } }, + "fstar_3": { + "inputs": { + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705191588, + "narHash": "sha256-xjSWDP8mSjLcn+0hsRpEdzsBgBR+mKCZB8yLmHl+WqE=", + "owner": "FStarLang", + "repo": "FStar", + "rev": "a32b316e521fa4f239b610ec8f1d15e78d62cbe8", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "ref": "v2024.01.13", + "repo": "FStar", + "type": "github" + } + }, + "hacl-star": { + "flake": false, + "locked": { + "lastModified": 1699634660, + "narHash": "sha256-/mAi8wdlO1HHYKVj8pN/y5FUM/AwVPNazYFSy9pDlpY=", + "owner": "hacl-star", + "repo": "hacl-star", + "rev": "7f42aba60b37bc011d19472284bfcd3b95c1538e", + "type": "github" + }, + "original": { + "owner": "hacl-star", + "repo": "hacl-star", + "type": "github" + } + }, + "hax": { + "inputs": { + "crane": "crane_3", + "flake-utils": "flake-utils_6", + "fstar": "fstar_3", + "hacl-star": "hacl-star", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "lastModified": 1717675342, + "narHash": "sha256-ZeBd/7OFaw5QXdHhMbspSrc2QiEYKKxtWHIZ6mHsCBY=", + "owner": "hacspec", + "repo": "hax", + "rev": "46bb5c19fb6f6397e15d9a4ff86c556482f81802", + "type": "github" + }, + "original": { + "owner": "hacspec", + "repo": "hax", + "type": "github" + } + }, "karamel": { "inputs": { "flake-utils": [ @@ -296,6 +422,20 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1694343207, + "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78058d810644f5ed276804ce7ea9e82d92bee293", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1717974879, "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", @@ -321,11 +461,12 @@ "eurydice", "fstar" ], + "hax": "hax", "karamel": [ "eurydice", "karamel" ], - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" } }, "rust-overlay": { @@ -353,6 +494,58 @@ "type": "github" } }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "hax", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693707092, + "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716862669, + "narHash": "sha256-7oTPM9lcdwiI1cpRC313B+lHawocgpY5F07N+Rbm5Uk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "47b2d15658b37716393b2463a019000dbd6ce4bc", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -427,6 +620,21 @@ "repo": "default", "type": "github" } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 35be04a13..433908416 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,7 @@ }; fstar.follows = "eurydice/fstar"; karamel.follows = "eurydice/karamel"; + hax.url = "github:hacspec/hax"; }; outputs = @@ -55,9 +56,11 @@ pkgs.mold-wrapped pkgs.ninja pkgs.python3 + inputs.hax.packages.${system}.default ]; buildPhase = '' cd libcrux-ml-kem + python hax.py extract bash c.sh cd c cmake \ @@ -73,7 +76,10 @@ build/Release/ml_kem_test build/Release/ml_kem_bench ''; - installPhase = "cp -r . $out"; + installPhase = '' + cd ./.. + cp -r . $out + ''; CHARON_HOME = inputs.charon.packages.${system}.default; EURYDICE_HOME = pkgs.runCommand "eurydice-home" { } '' From 95b4a48868d86c5e2fdfe7d485ca341c9a1ea7a3 Mon Sep 17 00:00:00 2001 From: Paul-Nicolas Madelaine Date: Wed, 12 Jun 2024 11:04:24 +0200 Subject: [PATCH 73/74] ci: update `nix.yml` --- .github/workflows/nix.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 1e07d3497..4259aca31 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -3,11 +3,18 @@ name: Nix on: push: branches: [main, dev] + pull_request: jobs: nix: runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@v12 + - uses: DeterminateSystems/magic-nix-cache-action@v7 + - name: Install & configure Cachix + shell: bash + run: | + nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install + cachix use hax - uses: actions/checkout@v4 - run: nix build -L .#ml-kem From f231c8599a057a13e35d1f15176d03c477b9b3cf Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 12 Jun 2024 11:17:58 +0200 Subject: [PATCH 74/74] update lock --- Cargo.lock | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0b33d0864..a8e8f334e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1028,13 +1028,6 @@ dependencies = [ "rand", ] -[[package]] -name = "libcrux-simd" -version = "0.0.2-pre.2" -dependencies = [ - "libcrux-platform", -] - [[package]] name = "libfuzzer-sys" version = "0.4.7"